Problem solve Get help with specific problems with your technologies, process and projects.

Deciphering the Covered Entities definition

We are a small (300 employees) company that has both a health plan through one of the major insurance companies and a flexible spending account (FSA). I am attempting to figure out if we (the employer) are considered the "health plan" under the Covered Entities definition. Everyone seems to be giving us differing answers. Help.
It's hard to say 100%, but it sounds like with the FSA you offer (and any protected health information that's handled as part of it) you might be what is considered a hybrid covered entity. A lot depends upon how you are managing your FSA plan, if you're outsourcing it, etc. I can't say for sure without knowing more about your business. I highly recommend that you get your (or a HIPAA) attorney involved to confirm this for sure.
For more information on this topic, visit these other SearchSecurity.com resources:
  • Featured Topic: HIPAA update
  • Best Web Link: Health Care/Health Services

  • Information Architect Tip: What's the prognosis on HIPAA?

  • This was last published in May 2003

    Dig Deeper on Information Security Incident Response-Information

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.