Who Needs to Be HIPAA Compliant?
HIPAA Compliance Rules apply to both Covered Entities (any healthcare provider, health plan or health care clearinghouse) and Business Associates (any company that comes in contact with electronic protected health information [e-PHI]). According to the U.S. Department of Health and Human Services, individuals, organizations and agencies that meet the definition of a Covered Entity under HIPAA must comply with the HIPAA security requirements to protect the privacy and security of health information and must provide patients with certain rights with respect to their health information.
Covered Entities Include:
A Health Care Provider
Includes:
- Doctors
- Clinics
- Psychologists
- Dentists
- Chiropractors
- Nursing Homes
- Pharmacies
- Hospitals
- Surgeons
A Health Plan
Includes:
- Health Insurance Companies
- HMOs
- Company Health Plans
- Government programs that pay for health care, such as Medicare, Medicaid and the military and veterans’ health care programs
- Flexible Spending Accounts
A Health Care Clearinghouse
Includes:
- Entities that process nonstandard health information they receive from another entity into a standard format (i.e., a standard electronic format or data content), or vice versa
- Billing Services
- Repricing Companies
- Community Health Management Information Systems
Covered Entities must sign Business Associate Agreements with any vendor who, in working with healthcare companies, has any contact with their sensitive patient data. In this manner, any vendor who comes in contact with e-PHI is either a Covered Entity, or by contract, a Business Associate and must be HIPAA compliant.
Business Associates Include:
Internet Technology Providers
- Hosting Companies
- Managed Service Providers
- Hardware/Software Support/Maintenance
Software Providers
- Software as a Service
- Customer Relationship Management
- Human Resource Management
- Application Services (email, database)
Financial Service Providers
- Revenue Cycle Management
- CPA Firms and Accounting Services
Business Services
- Claims Processing
- Consultative Services
- Medical Transcription Services
- Document Destruction
- Accreditation Services
- Data Aggregation
- Records Management
- Record Copying/Duplication
Legal Services
- Attorneys with access to protected health information
OnRamp Works with Covered Entities and Business Associates
Whenever OnRamp’s services are used by Healthcare companies or their Business Associates, OnRamp enters into a cooperative relationship to ensure that the appropriate measures are taken to protect the availability, integrity and confidentiality of the customer’s sensitive patient data. OnRamp works closely with each customer who deals with e-PHI to ensure that, collectively, OnRamp and the customer are adequately maintaining the proper configurations, processes and procedures to protect that data appropriately. OnRamp has invested extensive resources, infrastructure, time and training to ensure that our managed hosting, cloud computing, and co-location solutions, when deployed by our customers, meet the rigorous HIPAA compliance standards.