The Difference Between Covered Entities and Business Associates
The HIPAA rules apply to all Covered Entities and Business Associates. In particular, the HIPAA Privacy Rule which protects a person’s medical records, gives patients the rights to their health information and outlines and sets restrictions and conditions on the use and disclosure of PHI. It is essential to understand the distinction between a covered entity and a business associate because the HIPAA Privacy Rule applies to each differently. Understanding how it is administered to each, helps you understand who has access to medical data and what, if any, authority they have over protected healthcare information (PHI).
In HIPAA law, covered entities are defined as health plans, healthcare clearinghouse, and health care providers who transmit PHI electronically in connection with transactions for which the HHS has developed standards. In general, these transactions undertaken by covered entities include billing and payment for health services. Covered entities can be institutions, organizations, or individuals. As aforementioned, covered entities fall into three core categories under HIPAA rule, outlined below:
- Health Plans: HMO’s, company health plans, health insurance plans, government programs that pay for healthcare
- Health Care providers: Physicians, Clinics, Psychologists, Dentists, Chiropractors, Nurses, Pharmacies (but only if they transmit information electronically that relates to a transaction for which the HHS has adopted a standard)
- Health care Clearinghouses: includes organizations that process nonstandard information to conform to the standards on behalf of other organizations.
Read the entire article here, The Difference Between Covered Entities and Business Associates
via the fine folks at Lua Messaging