Who is Affected by the HIPAA Program?

"...any health plan, any healthcare clearinghouse, and any healthcare provider that transmits any health information in electronic form in connection with the defined transaction."

Accordingly, the following entities are impacted, either as a covered entity or through business associate relationship with the covered entity (please refer below for the definitions):

• Healthcare Providers: Hospitals, IDNs, Nursing homes, Home health agencies, Pharmacies, and any licensed healthcare practitioner.
• Health Plans: Managed Care Organizations, HMOS and any other qualified Health plans, ERISA, Medicare, and Medicaid.
• Clearinghouses: Billing services, Re-pricing agencies, Third-party administrators Others: Public health agencies, employers, life insurers, universities, health web sites, and health information systems vendors.
• Covered Entities: Health Plans, Healthcare Clearinghouses, and Healthcare Providers who transmit any health information in electronic form in connection with a transaction referred to in section 1173(a)(1) of HIPAA. Healthcare providers who do not submit HIPAA transactions in standard form cannot, however, skirt the requirements of HIPAA. Such providers become covered by this rule when other entities, such as a billing service or hospital, transmit standard electronic transactions on their behalf.
• Business Associate: A person to whom the Covered Entity discloses protected health information (PHI) so the person can carry out, assist with the performance of, or perform on behalf of, a function or activity for the Covered Entity. Business Associate includes contractors or other persons who receive PHI from the Covered Entity for the purposes described above, including lawyers, auditors, consultants, third-party administrators, healthcare clearinghouses, data processing firms, billing firms and other Covered Entities. Business Associate excludes persons who are within the Covered Entity's workforce. A business association occurs when the right to use or disclose PHI belongs to the Covered Entity, and another person is using or disclosing the PHI to perform a function or activity on behalf of the Covered Entity. Providing specified services (legal, actuarial, accounting, consulting, management, accreditation, data aggregation, and financial services) to a Covered Entity creates a Business Associate relationship if the provision of the service involves the disclosure of PHI to the service provider.
• Protected Health Information (PHI): encompasses all individually identifiable health information transmitted or maintained by a covered entity, regardless of form. This includes individually identifiable health information that is transmitted by electronic media, maintained in any medium described in the definition of electronic media and transmitted or maintained in any other form or medium. The final rule also removed the exception for individually identifiable health information of inmates of correctional facilities and detainees in detention facilities.
  

All information provided in this web site is believed to be accurate and up to date; however, the Geomar Computers assumes no responsibility for the use of this information. This web site links to web sites maintained by other entities. Reasonable precautions are taken to link only to web sites which are appropriate, accurate and maintained by reputable organizations. However, those web pages are not under Geomar Computers control. Geomar Computers is not responsible for the information or opinions expressed in those linked sites. The recommendations and analyses on this site are intended simply to provide assistance and guidance. They may not be relied upon as authority for compliance with legal requirements, nor as a source of legal advice. It is up to you to seek out legal counsel and official government documentation to protect your rights.