An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
As required by Congress in HIPAA, the Privacy Rule covers health plans, health care providers and health care clearinghouses.
The HIPAA Privacy Rule expressly requires an authorization for uses or disclosures of protected health information for ALL marketing communications, except in two circumstances:
A researcher is a covered health care provider if he or she furnishes health care services to individuals, including the subjects of research, and transmits any health information in electronic form in connection with a transaction covered by the Transactions Rule.
If a State, county, or local health department performs functions that make it a covered entity, or otherwise meets the definition of a covered entity they must comply with the HIPAA Privacy Rule.
No. The listed types of policies are not health plans. The HIPAA Administrative Simplification regulations specifically exclude from the definition of a “health plan” any policy, plan, or program to the extent that it provides, or pays for the cost of, excepted benefits, which are listed in section 2791(c)(1) of the Public Health Service Act, 42 U.S.C. 300gg-91(c)(1).
Date Created: 12/20/2002
Providing services to or acting on behalf of a health plan does not transform a third party administrator (TPA) into a covered entity.
The SSA is not a covered entity.
A "group health plan" is a covered entity under the Privacy Rule and the other HIPAA, Title II, Administrative Simplification standards.
There are two deadlines for compliance with the HIPAA Privacy Rule on April 14, 2004:
No. Certain plans are specifically excluded from having to comply with the HIPAA Administrative Simplification requirements, including the Privacy Rule.
The Privacy Rule recognizes that certain fully insured group health plans may not need to satisfy all of the requirements of the Privacy Rule since these responsibilities will be carried out by the health insurance issuer or HMO with which the group health plan has contracted for coverage of its members.
Covered entities under HIPAA are health care clearinghouses, certain health care providers, and health plans.
Are tissue repositories covered entities?
Health care providers cannot invite or allow media personnel, including film crews, into treatment or other areas of their facilities where patients’ PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise make PHI accessible to the media, without prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media.