One of the most critical elements of the Health Insurance Portability and Accountability Act of 1996 is the Privacy Rule, which, as the name suggests, is designed to protect the privacy of healthcare patients. Before this law was created, the medical field was like the Wild West, with a gray area regarding patient privacy. With HIPAA, however, all healthcare patients are entitled to certain rights which are designed to protect their information from unauthorized use or disclosure.
But whom exactly does the HIPAA Privacy Rule cover? This is a question that many people ask, as the Department of Health and Human Services (HHS) doesn't clearly state coverage for the Privacy Rule.
Generally speaking, the HIPAA Privacy Rule, as well as the Administrative Rule, covers three different entities: health plans, healthcare providers, and healthcare clearinghouses. A health plan is essentially an individual and/or group plan that either provides medical care or pays the cost of medical care to patients. This may include health insurers, dental insurers, vision insurers, prescription drug insurers, Medicare supplement insurers, and long-term care insurers.
The second type of healthcare entity covered by the HIPAA Privacy Rule is a healthcare provider. Regardless of size, all healthcare providers operating in the U.S. are required to follow the laws set forth in the HIPAA Privacy Rule, assuming they transmit Protected Health Information (PHI) electronically. If a healthcare provider does not transmit PHI electronically, however, then it's not required to follow the HIPAA Privacy Rule. Keep in mind, however, that nearly every modern-day healthcare provider now uses computer systems to store, manage and transmit PHI.
The third and final type of entity covered by the HIPAA Privacy Rule is a healthcare clearinghouse. Basically, these are entities that process “nonstandard” information that's relayed from a different covered entity. Sound confusing? A healthcare clearinghouse normally receives PHI from a healthcare provider, at which point the clearinghouse processes the data so it can be used more effectively. Services offered by a healthcare clearinghouse may include billing, health management information, networks and switches, etc.
Hopefully, this will give you a better idea of which entities are covered by the HIPAA Privacy Rule and which ones aren't. To recap, health plans, healthcare providers, and healthcare clearinghouses are all covered by the Privacy Rule.