Covered Entities Under the Privacy Rule
Among other
entities, the HIPAA Privacy Rule specifically applies to health care providers
and their "business associates."
Health Care Providers
Every health care provider, regardless of size, who
electronically transmits health information in connection with certain
transactions, is a covered entity.
- "Health care providers": Health
care providers include all "providers of
services" (e.g., institutional providers such
as hospitals) and "providers of
medical or health services" (e.g.,
non-institutional providers such as physicians, dentists, and other
practitioners) as defined by Medicare, and any
other person or organization that furnishes, bills, or is paid for health care.
- "Certain transactions": These
transactions include claims, benefit eligibility inquiries, referral
authorization requests, or other transactions for which the U.S.
Department of Health and Human Services (HHS) has established standards.
Note: The Privacy Rule covers a health care provider whether it
electronically transmits these transactions directly or uses a billing service
or other third party to do so on its behalf.