Who Must Follow HIPAA Compliance Laws

July 29, 2022

There is sometimes confusion about who must follow HIPAA

rules because the requirement to protect personally identifiable

health information is only a small part of a very important Act.

Even when this small section is extracted and analyzed, it is still

not always clear who HIPAA applies to and which organizations

need to implement HIPAA compliance programs. Entities that

must follow the HIPAA regulations are called "covered entities."

Covered entities include:

  • Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
  • Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
  • Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
  • In addition, business associates of covered entities must follow parts of the HIPAA regulations.

In addition, business associates of covered entities must follow parts of the HIPAA regulations. Often, contractors, subcontractors, and other outside persons and companies that are not employees of a covered entity will need to have access to your health information when providing services to the covered entity. We call these entities “business associates.” Examples of business associates include:

  • Companies that help your doctors get paid for providing health care, including billing companies and companies that process your health care claims
  • Companies that help administer health plans
  • People like outside lawyers, accountants, and IT specialists
  • Companies that store or destroy medical records

Covered entities must have contracts in place with their business associates, ensuring that they use and disclose your health information properly and safeguard it appropriately. Business associates must also have similar contracts with subcontractors. Business associates (including subcontractors) must follow the use and disclosure provisions of their contracts and the Privacy Rule, and the safeguard requirements of the Security Rule.

The HIPAA Privacy and Security Rules requires all HIPAA-covered

entities and business associates to implement a range of

safeguards to ensure the confidentiality, integrity, and

availability of protected health information. Online forms are

not specifically mentioned in the HIPAA text, but the Privacy and

Security Rules do apply to online forms. Zentake provides HIPAA compliant forms so your organization can collect health

information safely and securely. Schedule a consultation to learn

what makes ZENTAKE the leader in HIPAA compliant forms.


Back