HIPAA defines a covered entity as one of the following:

  • Healthcare provider who transmits information in an electronic form
  • Health Plan
  • Healthcare clearinghouse

Most providers are covered entities, managing insurance-related transactions electronically, like submitting claims to a health plan.

What Are Your Responsibilities as a Covered Entity?

Covered entities must comply with all of the HIPAA /HITECH rules and regulations. Responsibilities of a covered entity include the provision of records, compliance reports and cooperation with complaint investigations and compliance reviews by HHS including permitting access to facilities, records, accounts, and protected health information, if necessary, to determine compliance with administrative simplification.

A covered entity must protect and secure individually identifiable patient information. The covered provider has the ultimate responsibility for HIPAA compliance.

Over my next three blogs, I will summarize the HIPAA/HITECH requirements for a covered entity regarding:

  1. Privacy Rule
  2. Security Rule
  3. Breach Notification Rule