Does HIPAA regulation cover your business? There are two categories of entities who are regulated by HIPAA and are required to be in full compliance.
Covered Entity – This is the main focus of the original law. Covered entities are those who, in their normal activities, create, maintain, directly access and/or transmit PHI and ePHI. Examples of these entities are healthcare providers, clearinghouses, insurance plans, and employers who self-insure. [Note: In general a specific individual is not considered a covered entity. Their employer is the covered entity. Individuals, however, still have a duty to support and ensure compliance and would likely face disciplinary action by their employer for individual behaviors that compromise compliance. Their employer would be the target of OCR fines and penalties.