What is a HIPAA "Covered Entity"?

Modified on Mon, 4 Mar at 9:58 AM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.


Under the Privacy Rule, "covered entities" are obligated to safeguard protected health information (PHI) from unauthorized and impermissible uses and disclosures. 

There are three types of covered entities:

1. Health plans.
2. Healthcare clearinghouses.
3. Healthcare providers that electronically transmit health information, in connection with 

 a HIPAA-covered transaction.

Health plans

Health plans may include:

  • Individual and group plans that provide or pay the cost of medical care (e.g., health, dental, vision, and prescription drug insurers)

  • Health Maintenance Organizations (HMOs)

  • Medicare, Medicaid, and Medicare supplement insurers

  • Long-term care insurers

  • Employer-sponsored group health plans

  • Government and church-sponsored plans

  • Multi-employer health plans

Healthcare Clearinghouses
A healthcare clearinghouse is a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value-added” networks and switches, that does either of the following functions: 

(1) Processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction; OR
(2) 
Receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity.

Healthcare Providers
Healthcare providers include providers of medical or health services, and any other person or organization that furnishes, bills, or is paid for healthcare. Examples of healthcare providers include:

  • Doctors

  • Clinics

  • Psychologists

  • Dentists

  • Chiropractors

  • Nursing homes

  • Pharmacies


To qualify as a covered entity, a healthcare provider must transmit health information in in connection with a HIPAA-covered transaction. The transmission must be in electronic form. These transactions (“covered transactions”) involve transmission of information between two parties to carry out financial or administrative activities related to health care.

HIPAA-covered transactions include the following types of information transmissions: 

  1. Health claims or equivalent encounter information

  2. Health care payment and remittance advice

  3. Transmissions related to coordination of benefits

  4. Health care claim status transmissions

  5. Transmissions regarding enrollment and disenrollment in a health plan

  6. Transmissions related to eligibility for a health plan. 

  7. Health plan premium payments. 

  8. Referral certification and authorization. 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article