Entities required to comply with HIPAA Standard
HIPAA compliance is the process of ensuring that your organization is adhering to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a federal law that protects the privacy and security of protected health information (PHI). PHI is any information that can be used to identify an individual and that relates to their past, present, or future physical or mental health condition, the provision of healthcare to them, or payment for their healthcare.
Who must comply with HIPAA
- Covered entities: These include healthcare providers, health plans, and healthcare clearinghouses.
- Business associates of covered entities: These are entities that perform certain functions or activities on behalf of or provide certain services to a covered entity that involve the use or disclosure of PHI.
- Healthcare providers: This includes doctors, dentists, hospitals, clinics, and other healthcare professionals who provide or pay for healthcare services.
- Health plans: This includes health insurance companies, HMOs, and government programs that pay for healthcare, such as Medicare and Medicaid.
- Healthcare clearinghouses: These are entities that process electronic healthcare data for multiple covered entities.
- Business associates of covered entities: This could include companies that provide billing, claims processing, or other administrative services to covered entities, as well as companies that store or destroy medical records.
HIPAA compliance is not required of covered entities alone. Business associates of covered entities must also comply with HIPAA, because they have access to PHI and play a role in protecting the privacy and security of that information.