Are You a Covered Entity?

A woman juggling insurance, a laptop, and medical personel

HIPAA, or the Health Insurance Portability and Accountability Act of 1996 , covers both individuals and organizations. Those who must comply with HIPAA are often called HIPAA covered entities.

HIPAA covered entities include health plans, clearinghouses, and certain health care providers as follows:

Health Plans

For HIPAA purposes, health plans include:

Health insurance companies
HMOs, or health maintenance organizations
Employer-sponsored health plans
Government programs that pay for health care, like Medicare, Medicaid, and military and veterans’ health programs

Clearinghouses

Clearinghouses include organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations.

Providers

Providers who submit HIPAA transactions , like claims, electronically are covered. These providers include, but are not limited to:

Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing homes
Pharmacies

About Business Associates

If a covered entity engages a business associate to help carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that:

Establishes specifically what the business associate has been engaged to do
Requires the business associate to comply with HIPAA

Examples of business associates include:

Third-party administrator that assists a health plan with claims processing
Consultant that performs utilization reviews for a hospital
Health care clearinghouse that translates a claim from a nonstandard format into a standard transaction on behalf of a health care provider, and forwards the processed transaction to a payer
Independent medical transcriptionist that provides transcription services to a physician

Also, a covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.

Exceptions

An organization may request an exception from the use of a standard transaction from the Secretary to test a proposed modification to that standard. Learn about our exceptions process and the principles for requesting an exception (PDF).