Who must follow HIPAA? | HealthIT.gov

The following entities must follow The Health Insurance Portability and Accountability Act (HIPAA) regulations. The law refers to these as “covered entities”:

Health plans
Most health care providers, including doctors, clinics, hospitals, nursing homes, and pharmacies
Health care clearinghouses

HIPAA also applies to covered entities’ business associates (i.e., third parties that perform certain functions or activities that require the use of personal health information (PHI) including, for example, claims processing or administration). Entities that provide data transmission of PHI on behalf of a covered entity (or its business associate) and that require access on a routine basis to that PHI (such as regional Health Information Organizations (HIOs)) are considered to be business associates under HIPAA. Health information organizations that facilitate the exchange of electronic PHI primarily for treatment purposes between and among several health care providers.

For more information on covered entities or business associates, visit the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.

Certification of Health IT

Health Information Technology Advisory Committee (HITAC)

Health Equity

HTI-1 Final Rule

HTI-2 Proposed Rule

Information Blocking

Interoperability

Patient Access to Health Records

Clinical Quality and Safety

Health IT and Health Information Exchange Basics

Health IT in Health Care Settings

Health IT Resources

Laws, Regulation, and Policy

ONC Funding Opportunities

ONC HITECH Programs

Privacy, Security, and HIPAA

Scientific Initiatives

Standards & Technology

Usability and Provider Burden

Connect with us: