The Health Insurance Portability and Accountability Act, or HIPAA, was enacted by the US Congress in 1996. HIPAA assists by:

  • Enabling millions of American employees and their families to transfer and maintain their health insurance coverage when they change or lose their employment;
  • Decreasing healthcare fraud and abuse;
  • Setting industry-wide requirements for health care data in electronic billing and other procedures;
  • Establishing requirements for the secure management of protected health information.

All Covered Entities and Business Associates must comply with HIPAA. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.

Those who must comply with HIPAA are often called HIPAA-covered entities. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered healthcare provider, health plan, or healthcare clearinghouse can be a business associate of another covered entity.

Among the Covered Entities are the following:

  • Healthcare providers: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, and Pharmacies.
  • Health Plan: Health Insurance companies, Health Maintenance Organisations (HMOs), Employer-sponsored Health Plans, Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs.
  • Healthcare Clearinghouse: This includes entities that process nonstandard health information they receive from another entity into a standard format (i.e., standard electronic format or data content), or vice versa.

Among the Business Associates are the following:

  • A third-party administrator that assists a health plan with claims processing.
  • A CPA firm whose accounting services to a healthcare provider involve access to protected health information.
  • An attorney whose legal services to a health plan involve access to protected health information. 
  • A consultant that performs utilisation reviews for a hospital. 
  • A healthcare clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer. 
  • An independent medical transcriptionist that provides transcription services to a physician. 
  • A pharmacy benefits manager overseeing the pharmacist network of a health plan.

