HIPAA Covered Entity and Business Associate

The HIPAA Act of 1996 set strict standards for a patient’s Protected Health Information (PHI) as part of its Privacy Rule regulations. The Privacy Rule addresses all issues concerned with saving, accessing and sharing an individual’s medical and personal information. The concept of a Covered Entity is at the core of the Privacy Rule regulations. All Healthcare Providers and Health Plans are called Covered Entities. Here, Health Plans include state, federal, private, and employee and veterans’ welfare health insurance plans.

However, this is a very basic definition, as the realm of a Covered Entity extends to all Business Associates that are involved in accessing or sharing an individual’s medical health information. A Business Associate is any person or organization that is involved in the direct functioning of a Covered Entity or acts on behalf of a Covered Entity. However, it does not include the employees of a Covered Entity. For example, the clerical staff at a healthcare center are not regarded as ‘Business Associates’. However, an outsourcing firm that handles medical billing on behalf of the medical facility is a ‘Business Associate’, i.e. it is bound to follow HIPAA guidelines. Usual services rendered by a Business Associate include:

• Handling patients' personal/medical data
• Assistance with administrative functions
• Legal/financial/insurance-based consultations