Who is Impacted by the HIPAA Legislation?


As security and compliance specialists, Spectra engineers are often asked the scope of the HIPAA legislation. What documents are included? What types of organizations are within compliance requirements? Therefore, today’s blog will focus on “covered entities” under the HIPAA legislation and what client/patient information is covered as well.


Covered Entities

A covered entity is a healthcare provider, a health plan, or a healthcare clearinghouse who, in its normal activities, creates, maintains, or transmits PHI or ePHI (Protected Health Information or electronic Protected Health Information). Covered entities that have access to PHI/ePHI must ensure that technical, physical, and administrative safeguards are in place and abided. They are also required to comply with the HIPAA Privacy Rule in order to protect the integrity of PHI, including following Breach Notification Rules.  


Covered Entities include:

  • Healthcare providers such as: doctors, clinics, psychologists, dentists, and chiropractors, Nursing homes and pharmacies that deal with, transmit, or store electronic or paper documents on patients/clients.
  • Health plans such as: health insurance companies, HMOs, company health plans or government health plans (Medicare, Medicaid, Military Healthcare, or Veterans healthcare).  
  • Healthcare clearinghouses that process sensitive healthcare information.


Protected information included in the HIPAA legislation:

  • Names
  • Geographical identifiers
  • Dates (other than year) directly related to an individual
  • Phone numbers
  • Email addresses
  • Social security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers;
  • Device identifiers and serial numbers
  • Web Uniform Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers, including finger, retinal, and voice prints
  • Full face photographic images and any comparable images
  • Any other unique identifying number, characteristic, or code, except the unique code assigned by the investigator to code the data

(Sources: HIPAA Legislation)


Do you have questions about what information and safeguards at your business? Call Spectra Networks at 978.219.9752, or visit our website.