I am trying to understand who is a covered entity under HIPAA. We are a large corporation that is self-insured that has contracted with several health plans and a private benefit administration firm for our health benefits. Is our corporation expected to meet HIPAA because we are self-insured?
In a nutshell, if your plan pays for the cost of medical care and/or submits health care transactions electronically, you might very well be considered a health plan that is a covered entity under HIPAA. I recommend that you check out the following Covered Entity Decision Tools page provided by the Centers for Medicare and Medicaid Services: http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp
Also, the American Medical Association has a "Who must comply test" that can provide you with some general guidance as well. Check it out at: http://www.ama-assn.org/ama/pub/category/8818.html
For more information on this topic, visit these other SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.