The Health Insurance Portability and Accountability Act, or HIPAA, was enacted by the US Congress in 1996. HIPAA assists by:
- Enabling millions of American employees and their families to transfer and maintain their health insurance coverage when they change or lose their employment;
- Decreasing healthcare fraud and abuse;
- Requiring general industry requirements for health care data on electronic billing and other procedures;
- Establishing requirements for the secure management of protected health information
All Covered Entities and Business Associates must comply with HIPAA. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.
Those who must comply with HIPAA are often called HIPAA-covered entities. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered healthcare provider, health plan, or healthcare clearinghouse can be a business associate of another covered entity.
Among the Covered Entities are the following:
- Healthcare providers: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, and Pharmacies.
- Health Plan: Health Insurance companies, Health Maintenance Organisations (HMOs), Employer-sponsored Health Plans, Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs.
- Healthcare Clearinghouse: This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Among the Business Associates are the following:
- A third-party administrator that assists a health plan with claims processing.
- A CPA firm providing accounting services to a healthcare provider involves access to protected health information.
- An attorney whose legal services to a health plan involve access to protected health information.
- A consultant that performs utilisation reviews for a hospital.
- A healthcare clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer.
- An independent medical transcriptionist that provides transcription services to a physician.
- A pharmacy benefits manager overseeing the pharmacist network of a health plan.