
If you’ve previously worked with data of any kind or volunteered information to a service provider, it’s likely you’ve come across rules and regulations outlining exactly how patient data can be used.


What does HIPAA stand for?

The medical profession has always dealt with sensitive data, perhaps more than any other industry in the world. In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) as a federal law. This created a national standard to keep healthcare providers from disclosing patient information without the patient's knowledge.

These regulations outline the appropriate uses and disclosures of protected health information (PHI). They're centered around three major rules:

  • The privacy rule – The HIPAA privacy rule requires healthcare providers to put appropriate safeguards in place to protect the privacy of protected health information. It also determines when and why healthcare providers can disclose protected health information without patient authorization.
  • The security rule – The security rule ensures healthcare providers meet the proper administrative, physical, and technical standards when keeping patient information secure.
  • The breach notification rule – The breach notification rule requires healthcare providers to establish a plan for notifying patients if their protected health information has been breached.

Below, we answer frequently asked questions about HIPAA law and who needs to be HIPAA compliant.

Covered Entities

According to the US Department of Health and Human Services (HHS), three types of covered entities need to maintain HIPAA compliance: healthcare providers, clearinghouses, and health plan providers.

Healthcare providers include:

  • Doctors
  • Psychologists
  • Dentists
  • Nursing Homes
  • Pharmacies
  • Medical Clinics
  • Chiropractors

These providers transmit healthcare information electronically for the purposes of processing claims, completing transactions, and exchanging data.

Clearinghouses

In the medical industry, a clearinghouse acts as a third-party provider that takes patient information and processes it into a clear standard format. This electronic hub of information is a go-between for exchanging information between entities such as doctors, health plan providers, and medical claims companies.

Health Plan Providers

Health Plan Providers that need to be HIPAA compliant include:

  • Health insurance companies
  • Company health plan providers
  • Government-sponsored programs such as Medicare and Medicaid

Business Associates

Business associates of covered entities are also required to follow the regulations. According to HIPAA, a business associate carries out work on behalf of a covered entity or provides services to it. Business associates are required to sign contracts with covered entities agreeing to safeguard PHI. They perform functions such as:

  • Claims processing
  • Medical answering services
  • Collections agencies
  • Lawyers

Business associates working with covered entities are held separately liable for HIPAA violations and are subject to the same safeguarding rules as private entities.

It’s crucial that healthcare providers understand which of the businesses they work with require HIPAA compliance. Patients trust healthcare providers to protect their health information on every level.

HIPAA & WellReceived

At WellReceived, all of our dedicated and professional virtual medical receptionists are trained on HIPAA and PHI compliance to support your business and patients. If you’d like to know more about how HIPAA compliance can impact your business, our team will be happy to assist you!


Terri Phillips
