HIPAA: What is it?
HIPAA Privacy Rule
The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule.
These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing
Insight. Creativity. Technology.
Proven methods applied in a consistent manner to help achieve security through compliance
HIPAA Compliance Process
Frequently Asked Questions
The HIPAA rules apply to both Covered Entities and their Business Associate
The U.S. Department of Health & Human Services (HHS) Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all Covered Entities. Healthcare Providers are hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies that are considered Healthcare Providers and need to be HIPAA compliant.
A Business Associate is any entity that uses or discloses PHI on behalf of a Covered Entity. Furthermore, a Business Associate is any person who, on behalf of a Covered Entity, performs (or assists in the performance of) a function or activity involving the use or disclosure of PHI.
Simply…A business Associate is a vendor or subcontractor who has access to PHI.
Here are some examples of potential Business Associates:
- Data processing firms or software companies that may be exposed to or use PHI
- Medical equipment service companies handling equipment that holds PHI
- Shredding and/or documentation storage companies
- Consultants hired to conduct audits, perform coding reviews, etc.
- External auditors or accountants
- Professional translator services
- Answering services
- Accreditation agencies
- e-prescribing services
- Medical transcription services