Entities and Information Covered by the HIPAA Privacy Regulations

 

 


Who Must Comply?

Covered Entities must comply with the HIPAA privacy regulations. You are a covered entity if you qualify as one of the following AND you transmit any health information in electronic form in connection with a transaction covered by HIPAA:

  • A health plan;

  • A health care clearinghouse; or

  • A health care provider.

 

Definitions:

Health Plan: A health plan means an individual or group plan that provides, or pays, the cost of medical care. A health plan includes the following, either alone or in combination:

  • Group health plan

  • Health insurance issuer

  • Health maintenance organization

  • Part A or Part B of the Medicare program

  • Medicare+Choice

  • OMAP's high risk pool

  • The Medicaid program

  • An issuer of a Medicare supplemental policy

  • An issuer of a long term care policy

  • An employee welfare benefit plan or other arrangement which is established or maintained for the purpose of offering or providing health benefits to the employees of 2 or more employers

  • The health care program for active military personnel

  • The Veterans health care program

  • CHAMPUS

  • The Indian health service program

  • The Federal Employees Health Benefit Plan

Health Care Clearinghouse: Health care clearinghouse means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. "Health care clearinghouse" includes such entities as billing services and community health management information systems.

Health Care Provider: Health care provider includes any person or organization who furnishes, bills or is paid for health care in the normal course of business, and transmits any health information in electronic form in connection with a transaction covered by HIPAA. The term includes a provider of services (as defined in section 1861(u) of the Act, 42 USC 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 USC 1395x(s)), and any other person or organization who furnishes, bills or is paid for health care in the normal course of business.

  • Business Associates: A business associate is an individual or entity that receives protected health information to perform or assist the performance of a function or activity on behalf of a covered entity.

    Business associates, unless they also qualify as a covered entity, are not required to comply with the actual HIPAA privacy regulations. They may not use or further disclose protected health information, however, in any method or manner that is not permitted to the covered entity, other than for proper management and administration.


Not Covered:

  • Worker Compensation carriers

  • Schools

  • Employers who do not sponsor an ERISA plan

  • Labor unions

  • Life insurers

  • Public health officials

  • Law enforcement

  • Blood, organ, tissue procurement/banking

© Copyright 2008 OAHHS