A Covered Entity is an organization that must comply with specific regulatory requirements due to the nature of its operations and the sensitive data it handles. In the healthcare context, Covered Entities are subject to HIPAA Privacy, Security, and Breach Notification Rules because they create, receive, maintain, or transmit Protected Health Information (PHI) in the course of their business.
Covered Entity
Regulatory Definitions
- HIPAA (45 CFR §160.103): A Covered Entity includes: (1) a health plan; (2) a healthcare clearinghouse; or (3) a healthcare provider who transmits any health information in electronic form in connection with a HIPAA-covered transaction. A healthcare provider is therefore a Covered Entity only if it electronically transmits health information in connection with such a transaction (for example, claims, eligibility inquiries, or referrals). This definition is codified in the HIPAA Privacy Rule (45 CFR §164.103) and Security Rule (45 CFR §164.303).