Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
In a move highlighting the significance of upholding health data privacy, the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) and MedEvolve, Inc. have reached a resolution agreement. The specifics of the case and its repercussions for HIPAA business associates are discussed as part of overall HIPAA guidelines for healthcare professionals.
What Are the Differences between HIPAA Covered Entities and HIPAA Business Associates?
In the context of the Health Insurance Portability and Accountability Act (HIPAA), both covered entities and business associates play crucial roles in protecting the privacy and security of Protected Health Information (PHI). However, there are important distinctions between the two.
Covered Entities
Covered entities are the central bodies that must comply with HIPAA regulations. They are involved in healthcare treatment, payment, or operations. Covered entities include:
- Health Care Providers. This includes healthcare providers, plans, and clearinghouses. However, they are only covered entities if they transmit information electronically concerning a transaction for which HHS has adopted a standard, such as billing
- Health Plans. Insurance companies, HMOs, company health plans, and government programs like Medicare and Medicaid
- Health Care Clearinghouses. These entities process health information received from another entity into a standard format or vice versa.
Business Associate
Business associates are individuals or organizations that perform certain functions or activities on behalf of or provide certain services to a covered entity that involves the use or disclosure of PHI. Examples can include a medical billing company, a company that manages a health care provider’s electronic health record system, or a law firm providing legal services to a health care provider involving access to PHI.
The key difference between the two revolves around their function in healthcare operations….