HIPAA scope

HIPAA applies to the entities below that store, process, or transmit Protected Health Information (PHI) and Electronic Protected Health Information (ePHI):

  • Covered Entities are either healthcare plans (e.g., insurance carriers, corporate health plans, HMOs, etc.), healthcare clearinghouses, or healthcare providers.
  • Business Associates are any individuals, vendors, or organizations that come into contact with a healthcare organization's PHI or ePHI. Business associates typically work with covered entities to perform services, storage, transmission and/or processing of PHI or ePHI.
  • Subcontractors are entities that business associates use to process, transmit, or store PHI or ePHI.

Was this article helpful?

Have more questions? Submit a request



Article is closed for comments.