Chapter 8: Medical Privacy
Covered Entities Under HIPAA
HIPAA directly covers health care providers conducting certain electronic transactions, health plans, and health care clearinghouses. Cash-only providers who never bill insurance electronically are not covered.
| Category | Example |
|---|---|
| Health care providers (that conduct certain electronic transactions) | Doctors' offices, hospitals |
| Health plans | Health insurers |
| Health care clearinghouses | Third parties that host, handle, or process medical information |
The cash-only doctor trap
A doctor who accepts only cash or credit cards and never bills insurance electronically is NOT a covered entity. The statutory hook is the electronic reimbursement transaction. Casual conversations, book purchases, and online health posts are also outside HIPAA.
Key terms - quick answers
What is “Covered entity”?
Under HIPAA, a health care provider conducting certain electronic transactions, a health plan, or a health care clearinghouse.
What is “Health care clearinghouse”?
A third-party organization that hosts, handles, or processes medical information.