Are You a Covered Entity?

A woman juggling insurance, a laptop, and medical personel

HIPAA, or the Health Insurance Portability and Accountability Act of 1996 , covers both individuals and organizations. Those who must comply with HIPAA are often called HIPAA covered entities.

HIPAA covered entities include health plans, clearinghouses, and certain health care providers as follows:

Health Plans

For HIPAA purposes, health plans include:

Clearinghouses

Clearinghouses include organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations.

Providers

Providers who submit HIPAA transactions , like claims, electronically are covered. These providers include, but are not limited to:

About Business Associates

If a covered entity engages a business associate to help carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that:

Examples of business associates include:

Also, a covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.

Exceptions

An organization may request an exception from the use of a standard transaction from the Secretary to test a proposed modification to that standard. Learn about our exceptions process and the principles for requesting an exception (PDF).