If Your Company or Customers Interact In Any Way With Sensitive Patient Data, Don’t Take Any Chances. Make Sure You Are HIPAA Compliant Today.
Who Should Be HIPAA Compliant?
Official rules specify who needs to be HIPAA compliant. The guidelines state that compliance is required of both Covered Entities (any healthcare provider, health plan or healthcare clearinghouse) and Business Associates (any company that comes in contact with electronic protected health information [e-PHI]). According to the U.S. Department of Health and Human Services, all of these companies are referred to as Covered Entities (CE). Individuals, organizations and agencies that meet the definition of a Covered Entity under HIPAA must comply with the HIPAA encryption requirements to protect the privacy and security of health information and must provide patients with certain rights with respect to their health information.
A Covered Entity is one of the following:
A Healthcare Provider
- Nursing Homes
A Health Plan
- Health Insurance Companies
- Company Health Plans
- Government programs that pay for healthcare, such as Medicare, Medicaid and the military and veterans’ healthcare programs
- Flexible Spending Accounts
A Healthcare Clearinghouse
- Entities that process non-standard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa
- Billing Services
- Repricing Companies
- Community Health Management Information Systems
Covered Entities must sign Business Associate Agreements with any vendor who, in working with healthcare companies, has any contact with their sensitive patient data. In this manner, any vendor who comes in contact with e-PHI is either a Covered Entity or, by contract, a Business Associate.