How to determine if you're responsible for meeting HIPAA requirements

I am trying to understand who is a covered entity under HIPAA. We are a large corporation that is self-insured that has contracted with several health plans and a private benefit administration firm for our health benefits. Is our corporation expected to meet HIPAA because we are self-insured?

In a nutshell, if your plan pays for the cost of medical care and/or submits health care transactions electronically, you might very well be considered a health plan that is a covered entity under HIPAA. I recommend that you check out the following Covered Entity Decision Tools page provided by the Centers for Medicare and Medicaid Services: http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp

Also, the American Medical Association has a "Who must comply test" that can provide you with some general guidance as well. Check it out at: http://www.ama-assn.org/ama/pub/category/8818.html

For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: When to seek legal consultation for HIPAA
  • Ask the Expert: Who will enforce HIPAA?
  • Best Web Links: Securing Health Care/Health Services

This was last published in March 2003.
