Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
Who is a “Covered Entity?”
According to HHS, covered entities fall in one of the following categories:
Health Care Providers
This includes providers such as:
Health Care Clearinghouse
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Definitions Under 45 CFR 160.103:
A Health care provider only meets the definition of a “covered entity” if they transmit any PHI in an electronic form as defined under 45 CFR 160.103.
Health care provider means a provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in >section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
Health care means care, services, or supplies related to the health of an individual.
Health care includes, but is not limited to, the following:
(1)reventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and
(2)Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.
We know what HHS requires for you to be compliant, and developed the only business solution available that addresses both the Privacy and the Security Rules. Our Full-Spectrum Compliance ℠ solution is engineered to take you from a state of non-compliance to full compliance within a very short period of time.
In order to qualify for EHR financial incentives, providers must complete an annual attestation that they are demonstrating “meaningful use” of their EHR systems.
Core Measure 15 requires providers to complete a security risk analysis, implement security updates as necessary, and correct identified deficiencies as part of its risk management process. Our Full-Spectrum Compliance ℠ solution meets all of these core requirements, enabling you to successfully attest to Meaningful Use and receive your incentive payments.
Fill In The Form Below for industry news, information about our services, events, webinars and more.