As security and compliance specialists, Spectra engineers are often asked the scope of the HIPAA legislation. What documents are included? What types of organizations are within compliance requirements? Therefore, today’s blog will focus on “covered entities” under the HIPAA legislation and what client/patient information is covered as well.
Covered EntitiesA covered entity is a healthcare provider, a health plan, or a healthcare clearinghouse who, in its normal activities, creates, maintains, or transmits PHI or ePHI (Protected Health Information or electronic Protected Health Information). Covered entities that have access to PHI/ePHI must ensure that technical, physical, and administrative safeguards are in place and abided. They are also required to comply with the HIPAA Privacy Rule in order to protect the integrity of PHI, including following Breach Notification Rules. Covered Entities include:
Healthcare providers such as: doctors, clinics, psychologists, dentists, and chiropractors, Nursing homes and pharmacies that deal with, transmit, or store electronic or paper documents on patients/clients.
Health plans such as: health insurance companies, HMOs, company health plans or government health plans (Medicare, Medicaid, Military Healthcare, or Veterans healthcare).
Healthcare clearinghouses that process sensitive healthcare information.
Protected information included in the HIPAA legislation:
Names
Geographical identifiers
Dates (other than year) directly related to an individual
Phone numbers
Email addresses
Social security numbers
Medical record numbers
Health insurance beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers;
Device identifiers and serial numbers
Web Uniform Resource Locators (URLs)
Internet Protocol (IP) address numbers
Biometric identifiers, including finger, retinal, and voice prints
Full face photographic images and any comparable images
Any other unique identifying number, characteristic, or code, except the unique code assigned by the investigator to code the data
(Sources: HIPAA Legislation) Do you have questions about what information and safeguards at your business? Call Spectra Networks at 978.219.9752, or visit our website.
]]>