Covered Entity

Under HIPAA, the Health Insurance Accountability Act a medical provider that must address the HIPAA rules is referred to as a “Covered Entity”. This can include any organization (health plan, health care provider, or health clearing house) that routinely handles Protected Health Information, “PHI”, in any capacity is probably characterized as a “covered entity”. A covered entity must provide info to its patients about their privacy rights and how their PHI can be used (notice of privacy practices). It must adopt clear and appropriate privacy policies and procedures for its practice, hospital, or plan. It must train its workforce to understand its privacy procedures. A covered entity must designate a privacy officer responsible for assuring that privacy procedures are adopted and followed. A covered entity must also adopt adequate security procedures for patient records containing individually identifiable PHI.