What Are Covered Entities Under HIPAA?


Your Guide to Entities Covered by HIPAA

If you’ve done business with a hospital in the past five years, your health care records are probably covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA was enacted to protect data on people covered by health insurance or who received benefits through the Medicaid program. This post will discuss what medical organizations are considered to be Covered Entities under HIPAA and why they’re so important.

What Makes an Organization a Covered Entity?

If you belong to a health plan, consider the following: if you go to a hospital for treatment, or if you have ever received benefits from Medicaid, your medical information is at least partially covered by HIPAA. If you are involved in the health care system, you are a covered entity, and your organization is automatically considered a Covered Entity under the HIPAA standards.

A Covered Entity is a business or organization that owns, maintains, or operates one of the following: a health plan; a public health plan; or an entity that offers medical care, diagnosis, and treatment to individuals on an outpatient basis for more than one month.

What Are Covered Entities Under HIPAA?

Here are the covered entities under HIPAA:

A Health Care Provider

A health care provider is a business that owns or operates a health care plan. Under HIPAA, your doctor’s office, hospital department, and affiliated outpatient surgery center are all health care providers. Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are all considered health care providers in the United States.

A Health Plan

A health plan is an organization that offers coverage for medical services and medical supplies. Health plans are typically issued by insurance companies and paid for by employers, although many types of insurance are available on the open market. Some of the more common types of health plans include HMOs (Health Maintenance Organizations), PPOs (Preferred Provider Organizations), POSs (Point of Service), and FFS (Fee-For-Service).

A Health Care Clearinghouse

A health care clearinghouse is a business or organization that conducts transactions on behalf of health plans. A health care clearinghouse may also perform sales promotion, marketing, and technical support functions related to health benefit plans. Examples include the National Organization of Large Health Plans (NOLHP) and the Medical Management Association (MMA).

What Is A Business Associate?

A person or organization that produces goods or services on behalf of a corporation is a Business Associate. Business associate relationships are common in the health care industry, both between a Covered Entity and its vendors and between Covered Entities themselves. Business associates often exist in a gray area where the rights and responsibilities of the business associate and the entity it serves under HIPAA are unclear.

The HIPAA rules are not always clear about strictly what restrictions and regulations apply to business associates. Therefore, business associates need to have a clearly defined understanding of HIPAA requirements in the health care industry. With that in mind, let’s look at some common business associate relationships and how they relate to HIPAA.

Why Is HIPAA Compliance Important?

Although HIPAA doesn’t require health plans to protect your health information, many do. By law, health plans must electronically transmit your medical record to you or store it on your behalf. If they have a security event affecting your medical information, they must notify you. These requirements make HIPAA compliance very important in today’s world.

With the number of data breaches and cyber attacks on medical centers on the rise, you want to protect yourself by ensuring your information is safe. The first step is knowing which entities are covered under HIPAA and how they handle your data.

Cost of HIPAA Violations

HIPAA violations come with stiff penalties. If you violate HIPAA by improperly disclosing, securing, or maintaining protected health information, the government may fine your business or organization up to $50,000 for each violation. If the violations are severe, your organization may be fined up to $250,000 for each violation. There are also ways to avoid fines altogether. For instance, if you can prove that you were unaware that you were violating HIPAA policies, the fine might be waived.


It is essential for organizations involved in health care to understand the rules and guidelines laid out by the law. Companies caught violating HIPAA can find themselves facing stiff penalties, both financial and legal. HIPAA compliance is a critical component of operating a successful company, and knowing the rules is essential. For more information on HIPAA and how to grow your business, visit our blog.
