Who Needs to be HIPAA Compliant?
The HIPAA Security Rule applies to all health plans, healthcare clearinghouses, and to any healthcare provider who transmits protected health information (PHI) in electronic form, or electronic protected health information (ePHI). According to the U.S. Department of Health and Human Services, those that fall under this category are known and referred to as Covered Entities (CE).
Online Tech provides HIPAA compliant hosting for organizations that process electronic healthcare transactions including healthcare providers, healthcare software providers (Software-as-a-Service, SaaS) and other healthcare employers. Electronic patient care reporting, or ePCR software, is one example of patient medical and personal data that must be transferred, saved and accessed in a secure, HIPAA compliant environment. Read more about what a HIPAA Compliant Data Center should entail.
The following is a more specific list of who needs to be HIPAA compliant:
- Covered healthcare providers (hospitals, clinics, regional health services, individual medical practitioners) that carry out transactions in electronic form
- Healthcare clearinghouses
- Health plans (including insurers, HMOs, Medicaid, Medicare prescription drug card sponsors, flexible spending accounts, public health authority, in addition to employers, schools or universities that collect, store or transmit EPHI, or electronic protected health information, to enroll employees or students in health plans)
- Their business associates (including private sector vendors and third-party administrators)
Note: 'HIPAA certified' is not the same as 'HIPAA compliant.' No third party or hosting provider can make your organization HIPAA compliant. There is also no certification program recognized by the federal governing body of the HIPAA standard, the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR).