Q & A – Who is subject to HIPAA?

Q: Who is subject to HIPAA?

A: An employer’s first inquiry under the privacy rules is determining whether it is a covered entity. Only covered entities are regulated by the rules. The rules identify three covered entities: health plans; health care providers that conduct electronic transactions; and health care clearinghouses.  Employers are not listed; however, most employers are still captured by the rules. Employers that maintain a health plan for their employees as defined by the rules are plan sponsors and are, therefore, regulated by HIPAA. As a plan sponsor, the employer assumes the plan’s obligations.​