Understanding HIPAA Covered Entities and Their Obligations

Summary

Health care entities may discover that they are covered entities under the Health Insurance Portability and Accountability Act (HIPAA) and may seek guidance on the obligations that follow. HIPAA, enacted in 1996, mandates certain privacy and security standards to protect health information. These standards apply to various individuals and organizations collectively referred to as covered entities.

Covered entities under HIPAA include health plans, clearinghouses, and designated health care providers. Health plans encompass a variety of organizations, such as health insurance companies, health maintenance organizations (HMOs), employer-sponsored health plans, and government-sponsored programs like Medicare and Medicaid. Clearinghouses are intermediary entities that transform non-standard health data into standardized formats, which facilitates the exchange of health information between providers and payers. Health care providers who engage in electronic transactions, such as submitting claims, are also classified as covered entities. Examples include physicians, clinics, psychologists, dentists, chiropractors, nursing facilities, and pharmacies.

A covered entity that engages a business associate to help carry out health care functions must establish a formal written business associate contract. This agreement must outline the precise responsibilities of the business associate and ensure that the business associate adheres to HIPAA regulations. Common examples of business associates include third-party administrators that handle claims processing, consultants performing utilization reviews, health care clearinghouses that standardize claim formats, and independent medical transcriptionists providing documentation services to physicians.

A covered health care provider, health plan, or clearinghouse can also function as a business associate for another covered entity, which shows how interconnected entities within the health care ecosystem are. An organization that requires a deviation from standard transaction use may request an exception from the Secretary of Health and Human Services. Detailed information about this exceptions process is available in official documentation.

In conclusion, understanding the classification of covered entities and adhering to HIPAA requirements is crucial for the protection of individual health information. By establishing robust contracts with business associates and maintaining compliance with regulations, organizations can meet the obligations set forth by HIPAA and safeguard the health information of the individuals they serve.

Original Source: www.cms.gov

