HIPAA Covered Entity — How to Determine if You Are One

A covered entity under the Health Insurance Portability and Accountability Act (HIPAA) is one of the following: a healthcare provider, a health plan, or a healthcare clearinghouse.

Under the act, people or organizations that fall within one of these three categories are subject to the full extent of HIPAA and therefore must be compliant with every rule and regulation outlined.

Here is a quick cheat sheet to determine whether or not you are a covered entity:

Health Care Providers as Covered Entities

If you're one of the following providers and transmit any information in an electronic form in connection with a transaction for which the Department of Health and Human Services has adopted a standard, then you are a covered entity:

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing homes
  • Pharmacies

Health Plans as Covered Entities

Covered entities include:

  • Health Maintenance Organization (HMO)
  • Company health plans
  • Health plans from health insurance companies
  • Government programs that pay for health care (for example, Medicare, Medicaid, and the military and veterans health care programs)

Health Care Clearinghouses as Covered Entities

According to the Department of Health & Human Services, a health care clearinghouse that is subject to HIPAA regulations is the following:

  • “public or private entity, including a billing service, repricing company, or community health information system, which processes non-standard data or transactions received from one entity into standard transactions or data elements, or vice versa.”

Are You a Covered Entity? Then Call Medicus IT Today

At Medicus IT, we can help your practice thrive in today's world — where the security of your technology and data is of the utmost importance. Here's how we can help.

We focus our entire repertoire of services on healthcare. When Medicus IT first came into existence, it was due to the overwhelming need within the healthcare industry to keep patients' sensitive data safe and secure. Today, there are more ways than ever for hackers and scammers to try and steal your practice's information.

Because of this, a breach may not only harm your patients, but your healthcare practice as a whole may be at risk — it can be challenging to overcome the hefty fines that accompany a violation of HIPAA.

Through annual compliance training, our team members are always up-to-date on the latest regulatory needs of the industry.

Our Healthcare Services:

  • HIPAA Security/Compliance
  • Monthly Reporting
  • Risk Assessment
  • Application Integration

Risk Assessment

Under the Security Rule put forth by the Department of Health and Human Services, a risk assessment is required to identify any security gaps in your system.

In particular, a risk assessment will help in revealing areas where your patients' health information could potentially be at risk. We'll perform the technical portion of the risk assessment, as well as thoroughly outline and explain any issues that come up.

If we find issues, we'll provide the remedy to ensure your compliance with HIPAA, while securing the safety of patient data.

Monthly Reporting

With our custom Medi-Reporting, we'll provide you with insights into your IT and security systems monthly, weekly, or even daily.

Our goal is to offer you as much (or as little) detail as you want when it comes to your medical IT services.

Regular reporting is also essential in the case of an unexpected audit. You can rest assured that you will be able to quickly provide the required information to comply with an auditor’s requests, such as:

  • Security patch history
  • Antivirus updates
  • Backup compliance

It’s just one more way we are staying ahead of the healthcare IT support and compliance curve.
