I thought I’d spend the next few blogs discussing the joy that is HIPAA compliance. Previously, I blogged about two NMC employees who had been fired after viewing the protected health information of Dr. Richard Sacra, one of the patients treated at the NMC for ebola. The potential fines and penalties that come with a HIPAA violation likely played a large role in these firings.
But let’s start from the very beginning. Who does HIPAA apply to? It applies to “covered entities.” Which naturally begs the question, what is a covered entity? A covered entity is a health care provider who transmits any health information in electronic form in connection with a “covered transaction.”
Simply stated, if a medical clinic/provider furnishes, bills or receives payment for health care in the normal course of business, and sends any covered transactions electronically, then it is a covered entity.
Thankfully, the government has created a number of websites discussing what types of providers are covered entities. Look here. And here. Unfortunately, even with these websites offering assistance, HIPAA compliance can be a difficult regulatory maze. Questions regarding HIPAA are best left to a qualified professional. Stay tuned as we break HIPAA down in the weeks to come.