Organizations that must comply with HIPAA are called covered entities and include health plans, healthcare providers, and healthcare clearinghouses. We’ve detailed health plans and healthcare clearinghouses in the past. Here, we will explore healthcare providers as defined by HIPAA.
A healthcare provider is an individual or an organization that provides healthcare services directly to patients. Covered entities and their business associates must understand all aspects of HIPAA to effectively protect patients during care, especially when safeguarding patients’ protected health information (PHI) with cybersecurity measures such as HIPAA compliant email.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, protects the rights and privacy of patients. The act was created to improve health coverage standards and combat fraud and abuse related to PHI. The U.S. Department of Health & Human Services (HHS) Office for Civil Rights regulates and enforces the act, which consists of five sections (or titles).
The most referenced is Title II, which sets policies and procedures for maintaining patient privacy with the following rules:
HIPAA secures PHI while allowing organizations to share information as needed and properly care for patients. Understanding and implementing these guidelines is fundamental to avoiding breaches and HIPAA violations.
Organizations involved in the healthcare industry and/or the handling of PHI might fall under the category of a covered entity. Healthcare entities and their associates must follow HIPAA rules when handling PHI.
Under HIPAA (and especially the Privacy Rule), this means
Failure to comply with these responsibilities can result in penalties, including fines and, in some cases, criminal charges. Covered entities must uphold patients’ rights and ensure effective communication about their privacy.
Three types of covered entities exist: health plans, healthcare clearinghouses, and healthcare providers. Health plans include:
Healthcare clearinghouses act as third-party intermediaries between health insurers (i.e., health plans) and healthcare providers.
Like health plans and clearinghouses, healthcare providers play a critical role in the healthcare industry. According to HHS and the HIPAA Administrative Simplification Regulations, a healthcare provider is a “person or organization who furnishes, bills, or is paid for health care in the normal course of business.” Practitioners in this group diagnose and treat patients, maintain medical records, and handle sensitive health information.
Certain healthcare providers can access PHI and electronically submit HIPAA transactions, such as claims. These practitioners need to comply with HIPAA and, according to HHS, include:
Do you qualify as a healthcare provider? HHS points to an interactive PDF flowchart from the Center for Medicare and Medicaid Services. The tool is based on the Administrative Simplification Regulations adopted under HIPAA.
Through a series of questions, individuals or organizations can determine if they qualify as a healthcare provider or another covered entity. There are two questions to answer about healthcare providers:
Anyone uncertain about which questions to answer should answer them all.