Covered Entities and Business Associates
What Are the Different Groups Under HIPAA Compliance?
When working toward HIPAA compliance, it is important to know which organizations must adhere to the regulations, both to protect patient data and to avoid penalties. Broadly speaking, two groups of organizations are obligated to comply with HIPAA: covered entities and their business associates.
Covered Entities
Directly Involved With Healthcare
Covered entities (CEs) are the organizations directly engaged in providing or paying for healthcare. Healthcare providers such as physicians, dentists, pharmacists, nurses, hospitals, clinics, and nursing homes are covered entities when they transmit health information electronically in connection with HIPAA standard transactions (for example, claims or eligibility checks). Health plans, including HMOs, PPOs, Medicare and Medicaid programs, and employer-sponsored group health plans, are also covered entities, as are healthcare clearinghouses that translate health information between standard and non-standard formats.
Business Associates
Third-Party Service Providers
Business associates (BAs) are third parties that create, receive, maintain, or transmit Protected Health Information (PHI) while performing services on behalf of a covered entity. Examples include billing companies that handle claims processing and patient account management, electronic health record (EHR) vendors that develop or host EHR systems for providers, and IT service providers such as cloud hosting, backup, and managed security vendors that can access PHI. A business associate must sign a Business Associate Agreement (BAA) with the covered entity and is directly liable for complying with the Security Rule and the applicable parts of the Privacy Rule.
The Key Tenets of HIPAA Compliance
How to Keep Sensitive Information Secure
Privacy Rule
Establishes national standards for when Protected Health Information (PHI) may be used and disclosed, in any form (paper, oral, or electronic), and for the rights individuals have over their own health information.
Security Rule
Requires covered entities and business associates to implement administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI), starting with a documented risk analysis.
Breach Notification Rule
Requires notification of affected individuals and the Department of Health & Human Services (HHS) following a breach of unsecured PHI. If a breach affects more than 500 residents of a state or jurisdiction, prominent media outlets serving that area must also be notified.
Enforcement Rule
Sets out the procedures HHS uses to investigate complaints and conduct compliance reviews, and defines the civil monetary penalties for non-compliance, which are tiered by the level of culpability.
HITECH Act
Strengthens HIPAA by expanding privacy and security requirements for electronic health records, making business associates directly liable for compliance, increasing penalties, and introducing the breach notification requirements.
Omnibus Rule
Finalized in 2013, it combines several updates to the HIPAA rules into one regulation, including the modifications required by the HITECH Act and the extension of direct liability to business associates and their subcontractors.
Business Associate Agreements (BAAs)
A written contract between a covered entity and each business associate (and between a business associate and its subcontractors) that specifies the permitted uses and disclosures of PHI, the safeguards the associate must maintain, and its obligation to report breaches and security incidents.
Minimum Necessary Standard
Covered entities and business associates must limit their uses, disclosures, and requests of PHI to the minimum information reasonably necessary to accomplish the intended purpose; this standard does not apply to disclosures for treatment or to the patient.
Patient Rights
HIPAA grants patients several rights, including the right to access and obtain copies of their medical records, to request amendments, to receive an accounting of certain disclosures, and to request restrictions on how their PHI is used.
Training & Awareness
Covered entities and business associates must train their workforce on HIPAA policies and procedures, and the Security Rule additionally requires an ongoing security awareness and training program. Training should be documented so it can be evidenced during an investigation.
HIPAA Compliance FAQ
Get Your Questions Answered by IT Professionals
What Our Clients Are Saying
"There is just too much information to make clear informed IT decisions that are best for your business. TSI's cloud specialists helped navigate through the abyss of buzzwords and tech-centric concepts to help our business become more efficient and reduce IT capital expenditures. TSI's ability to outline and explain the variety of available options helped solidify our decision to move to the cloud. I came out of the experience truly appreciating TSI's approach."
Investment Group / Hyannis, MA