Manage Learn to apply best practices and optimize your operations.

How to determine if you're responsible for meeting HIPAA requirements

I am trying to understand who is a covered entity under HIPAA. We are a large corporation that is self-insured...

that has contracted with several health plans and a private benefit administration firm for our health benefits. Is our corporation expected to meet HIPAA because we are self-insured?

In a nutshell, if your plan pays for the cost of medical care and/or submits health care transactions electronically, you might very well be considered a health plan that is a covered entity under HIPAA. I recommend that you check out the following Covered Entity Decision Tools page provided by the Centers for Medicare and Medicaid Services: http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp

Also, the American Medical Association has a "Who must comply test" that can provide you with some general guidance as well. Check it out at: http://www.ama-assn.org/ama/pub/category/8818.html

For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: When to seek legal consultation for HIPAA
  • Ask the Expert: Who will enforce HIPAA?
  • Best Web Links: Securing Health Care/Health Services

  • This was last published in March 2003

    Dig Deeper on HIPAA

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.