What are “covered entities?
• Health plans — HMOs, insurers, Medicare and Medicaid; • Health care clearinghouses – billing services, repricing companies, community health management information systems and “value added” networks and switches; and • Health care providers – medical or health service provider and any other person or organization who furnishes, bills, or is paid for health care in electronic form (e.g., insurers, physicians, hospitals, labs and pharmacies). back to top 6. What is meant by “business associates” and are they covered by the Rule? Business associates perform functions or services for the covered entity that involve the use of protected health information. They may include: direct marketers, pharmaceutical manufacturers, medical equipment suppliers, software and database vendors and suppliers. A covered entity can also be a business associate to other covered entities. The Rule places restrictions on disclosures of protected health information from covered entities to business associates
Related Questions
- Are covered entities required to use the National Institute of Standards and Technology (NIST) guidance documents referred to in the preamble to the final HIPAA Security Rule?
- I understand about obtaining information from covered entities records for use in research. Is PHI ever created within the course of conducting research?
- Why were the HIPAA Privacy standards for business associates and covered entities combined into one (1) accreditation?
