Live Webinar | 26 June 2025 9AM PT
From Black Box to Boardroom: Operationalizing Trust in AI Governance
Glossary
HIPAA

HIPAA

The Health Insurance Portability and Accountability Act, or HIPAA, was enacted by the US Congress in 1996. HIPAA assists by:

  • Enabling millions of American employees and their families to transfer and maintain their health insurance coverage when they change or lose their employment;
  • Decreasing healthcare fraud and abuse;
  • Requiring general industry requirements for health care data on electronic billing and other procedures;
  • Establishing requirements for the secure management of protected health information

All Covered Entities and Business Associates must comply with HIPAA. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.

Those who must comply with HIPAA are often called HIPAA-covered entities. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered healthcare provider, health plan, or healthcare clearinghouse can be a business associate of another covered entity.

Among the Covered Entities are the following:

  • Healthcare providers: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, and Pharmacies.
  • Health Plan: Health Insurance companies, Health Maintenance Organisations (HMOs), Employer-sponsored Health Plans, Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs.
  • Healthcare Clearinghouse: This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Among the Business Associates are the following:

  • ‍ A third-party administrator that assists a health plan with claims processing.
  • A CPA firm providing accounting services to a healthcare provider involves access to protected health information.
  • An attorney whose legal services to a health plan involve access to protected health information.
  • A consultant that performs utilisation reviews for a hospital.
  • A healthcare clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer.
  • An independent medical transcriptionist that provides transcription services to a physician.
  • A pharmacy benefits manager overseeing the pharmacist network of a health plan.
Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Terms

ISO 27001 Stage 2 Audit

Also known as the Certification audit, the ISO 27001 Stage 2 Audit is the second step of the two-step external ISO certification process. It follows after the Stage 1 Audit is successfully completed.

Learn More
ISO 27001 Risk Treatment Plan

A risk treatment plan is the second step in the overall risk management process and is usually introduced when the company completes the ISO 27001 risk assessment.

Learn More
ISO 27001 Risk Assessment

Risk Assessment under ISO 27001 aims to help an organization or entity identify, analyze, and evaluate the weaknesses or loopholes present in its information security system (ISMS) and its processes and procedures.

Learn More

Explore more resources

Fintech compliance: Your guide to navigating regulatory requirements
Learn More
Scrut compliance badges: Build client trust and credibility faster
Learn More
Fintech compliance: Your guide to navigating regulatory requirements

Discover key fintech compliance risks, regulations, and best practices. Learn how scalable compliance technology and processes drive fintech compliance.

Learn More

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo
Platform
Why ScrutExplore the PlatformSimplify ComplianceStreamline AuditsEmpower Your EmployeesMonitor Cyber RiskAssess Third-Party RiskValidate User PrivilegesManage Asset InventoryDemonstrate TrustAI-Powered GRCIntegrate Your Tech Stack
Frameworks
SOC 2ISO 27001GDPRPCI DSSHIPAANIST AI RMFCustom FrameworksAll Frameworks
Company Stages
StartupGrowthEnterprise
Industry
Enterprise SoftwareFinancial ServicesHealthcareTravel and TourismEducation
Resources
BlogEbooksPodcastSuccess StoriesWebinarsEventsGlossaryFAQs
Hubs
SOC 2 HubISO 27001 HubHIPAA HubExplore All Hubs
Partners
Become a PartnerFind a Partner
Company
CustomersAboutCareersNewsroomSecurity
TrustTerms of UsePrivacy PolicyCookies Policy
© 2024 Scrut Automation. All Rights Reserved.