
HIPAA-Covered Entities: Who Does HIPAA Apply To?

Who does HIPAA apply to? Do its laws and regulations apply to all healthcare providers and their business associates? 

Covered entities are individuals, organizations, and businesses that must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. 

Knowing who these entities are requires a deeper understanding of their specific roles and whether they are involved in transmitting or handling patient records and other sensitive health data.


What Is a HIPAA-Covered Entity?

HIPAA-covered entities include healthcare providers, health plans, and healthcare clearinghouses. According to the HHS’ definition of covered entities, these individuals, organizations, and agencies must comply with the Health Insurance Portability and Accountability Act (HIPAA) rules to protect health information privacy and security.

Healthcare providers are covered entities only if they transmit health information electronically in connection with a transaction for which HHS has adopted a standard. These standard transactions include claims submissions, claims payment and remittance advice, eligibility verification, and referral authorizations. A provider that conducts none of these electronically (for example, a cash-only practice that never bills insurers) is not a covered entity, even though it handles patient records.

HIPAA rules also apply directly to business associates. Covered entities often engage business associates to carry out functions or services that involve the use or disclosure of protected health information (PHI). Any service provider (e.g., a telehealth platform, a practice management service, a cloud fax or cloud storage vendor) that creates, receives, maintains, or transmits PHI on behalf of a covered entity is a business associate, and its subcontractors that handle PHI are business associates as well.

State laws may impose obligations on a broader set of organizations than HIPAA does. In Texas, the state-law definition of a covered entity is wider than HIPAA's. According to the HIPAA Journal, Texas House Bill 300 (the Texas Medical Records Privacy Act) applies to any person or entity that assembles, collects, analyzes, uses, evaluates, stores, or transmits PHI of Texas residents, regardless of where that entity is located. State law does not change who is a covered entity under HIPAA itself, but an organization outside HIPAA's reach may still be regulated at the state level.


Who Does HIPAA Apply To?

Who is bound by HIPAA, or who has to comply with HIPAA? The list below shows who HIPAA applies to. Again, the healthcare providers listed are covered only if they conduct HHS standard transactions electronically.

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies
  • Health insurance companies
  • Health Maintenance Organizations (HMOs)
  • Government healthcare programs such as Medicare and Medicaid
  • Health plans
  • Healthcare clearinghouses
  • Business associates and their subcontractors
  • Other entities that receive health information in a nonstandard format from another source and convert it to a standard electronic format or data content, and vice versa (the clearinghouse role).
  • Under Texas law rather than HIPAA itself: all individuals and entities that handle, process, use, store, or transmit PHI of Texas residents.

Who Is Not Required to Follow HIPAA?

Does HIPAA apply to everyone, or is HIPAA only for medical practitioners? HIPAA is not limited to healthcare providers, but it does not apply to everyone either.

The list below shows entities that do not need to follow HIPAA. These entities may still be subject to other state and federal privacy laws, and PHI that a covered entity discloses to them is still governed by the Privacy Rule on the covered entity's side.

  • Employers (note that an employer-sponsored group health plan is itself a health plan and therefore a covered entity, even though the employer is not)
  • Life insurance companies
  • Law enforcement agencies
  • Most schools and school districts (student health records there are typically governed by FERPA instead)
  • Health data aggregators, as long as the data they collect is de-identified under the Privacy Rule's standard and contains no identifiable information
  • Personal health fitness devices and apps not offered by or connected with a healthcare provider or health plan
  • Municipal offices and state agencies not involved in healthcare services
  • Websites that provide health information and are not operated by a covered entity or its business associate
  • People who conduct screenings at pharmacies and shopping centers, such as blood pressure and cholesterol checks, unless the results are recorded with information that can identify the person

How to Comply With HIPAA

Here are vital points to consider when complying with HIPAA rules:

  • Get familiar with the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and any other guidance provided by the HHS.
  • Perform regular risk analyses to identify risks to the confidentiality, integrity, and availability of electronic PHI, and document how each risk is addressed.
  • Implement the administrative, physical, and technical safeguards required by the Security Rule.
  • Develop clear policies and procedures to address HIPAA requirements.
  • Train employees on HIPAA rules.
  • Regularly monitor and audit HIPAA compliance.
  • Use software that supports HIPAA requirements for HIPAA-related activities, and make sure each vendor that handles PHI signs a business associate agreement. HHS does not certify products as "HIPAA compliant," so the vendor's safeguards and its BAA are what matter.

How Does HIPAA Impact Covered Entities?

Being a covered entity has many implications:

  • Covered entities must comply with the HIPAA Privacy Rule, Security Rule, and other HIPAA rules.
  • Covered entities must notify affected individuals, the HHS, and, for breaches affecting more than 500 residents of a state or jurisdiction, prominent media outlets in the event of a breach of unsecured PHI, generally without unreasonable delay and no later than 60 days after discovery.
  • Covered entities must have a signed contract, known as a business associate agreement (BAA), with each of their business associates before sharing PHI with them.
  • Covered entities should expect significant civil penalties, monetary fines, and reputational damage if found to have violated HIPAA rules; certain willful violations can also carry criminal penalties.

Ensure HIPAA Compliance With iFax

Using apps and platforms that support HIPAA requirements is crucial for every HIPAA-covered entity and business associate. Ensuring the security and confidentiality of PHI, such as medical records and treatment plans, helps establish your credibility. At the same time, it keeps you clear of hefty penalties.

And since the healthcare industry still relies on fax to transmit health and medical records, it is best to choose a fax service that supports HIPAA requirements and will sign a BAA, such as iFax.

Using iFax to send and receive faxes offers several advantages:

  • Fax from anywhere, even without a fax machine
  • Secures fax transmissions with end-to-end encryption
  • Real-time fax delivery notifications
  • EHR, EMR, and telehealth system integrations
  • Programmable HIPAA-compliant Fax API
  • Free business associate agreement
  • Free fax number porting
  • Flexible plans for local and international faxing
  • Promotes sustainability

Request a free demo to discover how our service can help your business meet HIPAA compliance standards while automating workflows.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.
