Who Must Comply with the HIPAA Privacy Rule?

The HIPAA Privacy Rule pertains to health care providers, health plans, and health care clearinghouses and to the business associates of these entities.

Health care providers – As long as they transmit information electronically, “health care provider” includes close to all entities in the business of doctors, clinics, psychologists, dentists, chiropractors, nursing homes and pharmacies.

Health plans – This term includes health insurance companies, HMOs, company health plans and government programs that pay for healthcare (such as Medicare, Medicaid, and the military and veterans health programs.

Health care clearinghouses – This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Business associates – These are third parties that perform services for a covered entity that uses or discloses protected health information. They can be based overseas and include practice management services, data processing and pharmacy benefits managers.

Concerns with HIPAA

2013 HIPAA Omnibus Rule


Read more: