Who is Required to Comply with HIPAA Requirements?
All those who meet the definition of a ‘covered entity’ under HIPAA must comply with HIPAA requirements to protect the privacy and security of health information. They must also provide individuals with certain rights with respect to accessing their health information.
Those defined as covered entities are:
Until recently, only covered entities were required to comply with the HIPAA Privacy Rule and the Security Rule. In 2009, HITECH extended HIPAA rules to apply to those who assist covered entities, known as ‘business associates.’ The proposed HIPAA rule would change HIPAA’s definition of business associates to include:
HITECH also strengthens enforcement penalties for healthcare professionals who are guilty of willful neglect. It extends HIPAA’s penalties to business associates as well.
Related Resources:
Summary of the HIPAA Privacy Rule; Who Is Covered? – The HHS Office for Civil Rights (OCR) summarizes who is covered under HIPAA and provides a CMS decision tool to help you determine whether you are a covered entity.
Summary of HIPAA Rule: Business Associates – OCR’s overview of the key elements of the Privacy Rule including who is covered, what information is protected, and how protected health information can be used and disclosed.
HHS Strengthens Health Information Privacy and Security through New Rules – HHS Press Release describes how the HITECH Act will strengthen and expand enforcement of the HIPAA Privacy, Security, and Enforcement Rules.
Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act – Federal Register notice of the Health and Human Services Department’s July 14, 2010 proposed changes to HIPAA.