Who HIPAA Applies To

Need multiple seats for your university or lab? Get a quote
The page below is a sample from the LabCE course An Introduction to the Medical Laboratory, Part 3. Access the complete course and earn ASCLS P.A.C.E.-approved continuing education credits by subscribing online.

Learn more about An Introduction to the Medical Laboratory, Part 3 (online CE course)
Who HIPAA Applies To

HIPAA applies to covered entities and business associates.
There are three types of covered entities:
  • Health plans, such as health insurance companies
  • Healthcare clearinghouses, such as billing companies
  • Healthcare providers, such as a doctors, hospitals, laboratories, and pharmacies
Covered entities need to access, use, and disclose PHI in order to perform their job duties. Therefore, they must be compliant with HIPAA.
A business associate is a separate entity that provides services to or on behalf of the covered entity. These services may require the access, use, and disclosure of PHI. A business associate agreement (BAA) must be in place between a covered entity and its business associates. It defines the processes that will involve PHI and limits the permissible uses and disclosures of PHI by those business associates. A business associate may use or disclose PHI only as permitted or required by the BAA or as required by law.