Under the Privacy Rule, "covered entities" are obligated to safeguard protected health information (PHI) from unauthorized and impermissible uses and disclosures.
There are three types of covered entities:
1. Health plans.
2. Healthcare clearinghouses.
3. Healthcare providers that electronically transmit health information, in connection with
a HIPAA-covered transaction.
Health plans
Health plans may include:
Individual and group plans that provide or pay the cost of medical care (e.g., health, dental, vision, and prescription drug insurers)
Health Maintenance Organizations (HMOs)
Medicare, Medicaid, and Medicare supplement insurers
Long-term care insurers
Employer-sponsored group health plans
Government and church-sponsored plans
Multi-employer health plans
Healthcare Clearinghouses
A healthcare clearinghouse is public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value-added” networks and switches, that does either of the following functions:
(1) Processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction; OR
(2) Receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity.
Healthcare Providers
Healthcare providers include providers of medical or health services, and any other person or organization that furnishes, bills, or is paid for healthcare. Examples of healthcare providers include:
Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing homes
Pharmacies
To qualify as a covered entity, a healthcare provider must transmit health information in in connection with a HIPAA-covered transaction. The transmission must be in electronic form. These transactions (“covered transactions”) involve transmission of information between two parties to carry out financial or administrative activities related to health care.
HIPAA-covered transactions include the following types of information transmissions:
Health claims or equivalent encounter information
Health care payment and remittance advice
Transmissions related to coordination of benefits
Health care claim status transmissions
Transmissions regarding enrollment and disenrollment in a health plan
Transmissions related to eligibility for a health plan.
Health plan premium payments.
Referral certification and authorization.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article