This is a crucial question to be asking if you handle protected health information (PHI), as HIPAA infractions can result in severe penalties.
What is PHI, you ask? PHI refers to any data in a medical file that can be used to identify a person and that was generated, used, or disclosed while a patient was receiving treatment or a diagnosis.
In other words, PHI refers to details from your medical records, such as discussions regarding your care between doctors and nurses. PHI also includes any medical data stored in the computer system of your health insurance provider and your billing information.
In this article we will tell you who needs to be HIPAA compliant.
So, who needs to be HIPAA compliant?
The HIPAA regulations apply to Covered Entities and their Business Associates. But that only raises more questions. What is a Covered Entity? What is meant by “Business Associate”?
Let's start with Covered Entities. The U.S. Department of Health & Human Services (HHS) defines Covered Entities as including Healthcare Providers, Health Plans, and Healthcare Clearinghouses.
This one is rather easy to understand. Healthcare Providers are who you might expect them to be. Healthcare Providers, such as hospitals, physicians, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies, must adhere to HIPAA regulations.
Health insurance providers, HMOs, employer-sponsored insurance programmes, Medicare, and Medicaid are a few examples of Health Plans. Additionally, companies and educational institutions qualify as Health Plans under HIPAA when they handle PHI while enrolling their staff and students in health insurance.
Healthcare Clearinghouses are more specialised. A clearinghouse receives data from a healthcare organisation, formats it according to standards, and then sends it on to another organisation in the industry. They must also adhere to HIPAA regulations.
The majority of Covered Entities have already achieved HIPAA compliance. However, as of September 23, 2013, Business Associates of Covered Entities are directly responsible for adhering to certain HIPAA obligations under the final Omnibus Rule.
Additionally, the majority of subcontractors who have access to PHI are now included in the new standards’ broader definition of a business associate. Numerous businesses are rushing to comply with these changes.
Do you fit this description? Are you a Business Associate? In simple terms, a “Business Associate” is a vendor or subcontractor with access to PHI.
Any organisation that uses or discloses PHI on behalf of a Covered Entity is a Business Associate, to use a more formal definition. Additionally, a Business Associate is any individual who carries out (or aids in the execution of) a function or activity involving the use or disclosure of PHI on behalf of a Covered Entity.