Who Must Be HIPAA Compliant?

About us

The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse, or health care provider who electronically transmits any health information. Examples of covered entities are:

  • Doctors
  • Dentists
  • Pharmacies
  • Health insurance companies
  • Company health plans

A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity. Examples of business associates (whose services include access to PHI) are:

  • CPAs
  • Attorneys
  • IT providers
  • Billing and coding services
  • Laboratories

HIPAA violations are expensive. The penalties for non-compliance are based on the level of negligence. They can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.

Your All-in-One Solution for Cybersecurity

Cyber Security Governance, Risk and Compliance (GRC) Services
