
A Covered Entity (CE) under HIPAA rules is a healthcare provider, health plan, or healthcare clearinghouse that is required to follow the Health Insurance Portability and Accountability Act's (HIPAA) rules and regulations.
These entities are responsible for protecting patients' sensitive health information, known as protected health information (PHI).
HIPAA defines a Covered Entity (CE) as any healthcare provider, health plan, or healthcare clearinghouse that electronically transmits health information in connection with a transaction for which the U.S. Department of Health and Human Services (HHS) has adopted a standard.
This includes hospitals, clinics, doctors' offices, insurance companies, and organizations that process medical claims.
Definition of a Covered Entity
A covered entity, under HIPAA, is defined as a healthcare provider, health plan, or healthcare clearinghouse involved in the transmission of protected health information (PHI).
HIPAA regulation treats an entity as a covered entity when it transmits PHI for the purpose of payment, treatment, operations, billing, or insurance coverage.
Covered entities can include organizations, institutions, or persons.
A HIPAA covered entity chart from the Department of Health and Human Services (HHS) provides a clearer breakdown of what constitutes a covered entity.
HIPAA Compliance
As a covered entity under HIPAA, you're responsible for complying with several regulatory requirements. HIPAA compliance is a must for any covered entity.
The HIPAA Privacy Rule sets standards for the use of Protected Health Information (PHI) and patients' rights to access their healthcare data. Covered entities must post and provide a Notice of Privacy Practices to patients and clients.
The HIPAA Security Rule sets standards for the electronic transmission, storage, and use of PHI. It also sets standards for computer and network access to PHI.
In the event of a data breach, the HIPAA Breach Notification Rule requires covered entities to follow specific procedures and reporting standards. The rule distinguishes two classes of breaches by size: minor (fewer than 500 individuals affected) and meaningful (more than 500 individuals affected).
Here are the three main regulatory requirements covered entities must comply with under HIPAA:
- HIPAA Privacy Rule: sets standards for the use of PHI and patients' rights to access their healthcare data
- HIPAA Security Rule: sets standards for the electronic transmission, storage, and use of PHI, and computer and network access to PHI
- HIPAA Breach Notification Rule: sets specific standards for procedures and reporting in the event of a data breach