Individuals, organizations and agencies that meet the HIPAA definition of a covered entity must comply with the requirements of the Rules to Protect the gTLD. Trading Partners · Trading Partner Contracts · Basic Data for Covered Entities. The Privacy Rule applies only to covered entities; it does not apply to all individuals or institutions that collect individually identifiable health information. However, it may affect other types of entities that are not directly regulated by the Rule if, for example, they rely on covered entities to provide PHI.
It is important for researchers to know how the Rule could affect them in the different types of organizations in which they operate, and what they may need to do to continue their research or initiate new research efforts on and after the date of compliance with the Privacy Rule. Entities covered by HIPAA include health plans, health care providers, and health care clearinghouses. Health plans include health insurance companies, health maintenance organizations, government programs that pay for health care (Medicare, for example), and health programs for military and veterans. Business partners are also individuals or entities that provide legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for a covered entity where the provision of those services involves the disclosure of identifiable health information individually by the covered entity or other business partner of the covered entity to that person or entity.