Are You HIPAA Compliant?
One question I have heard repeatedly since I arrived at CDPAANYS is, “Am I a covered entity under HIPAA?” Like everything else in CDPA, FIs handle confidential patient information, so we are covered. However, FIs do not provide a medical service and are not a health care provider, so we are not covered.
What is the answer?
Well, for better or worse, there is now a concrete answer. If you have signed an Administrative Agreement with a managed care plan, you ARE a covered entity.
The Administrative Agreement states in section 16 that “Each party understands the other Party to be a covered entity, as that term is defined by the Health Insurance Portability and Accessibility Act (“HIPAA”)…”
Therefore, by signing the Administrative Agreement, you declared yourself a covered entity.
If you have not been treating yourself as a covered entity in the past – it is time to start.