Are You a “Covered Entity” Under HIPAA?

Physicians should assume they are covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and must comply with HIPAA regulations if they - or a billing company or other third party on their behalf -  transmit any of the following health information transactions in an electronic format:  


  • Health care claims (including attachments),
  • Health care payment and remittance advice,
  • Information associated with coordination of benefits,
  • Health claim status,
  • Health plan enrollment and disenrollment data,
  • Health plan eligibility data,
  • Health plan premium payments, or 
  • Referral certification and authorization for treatment.

Note that while HIPAA does not mandate that physicians transmit or accept transactions electronically, the Centers for Medicare and Medicaid Services (CMS) requires that all Medicare claims be submitted electronically unless the practice has fewer than 10 full-time employees. Private health care payment plans likely will mandate electronic claims filing at some point as well. 

TMA provides a model business associate contract for physicians and other covered entities, along with a valuable collection of advice, tips, guidelines, schedules, news, resources lists, and much more on the HIPAA Resource Center on the TMA Web site.

Content reviewed: 2/26/07

TMA Practice E-tips main page  

Last Updated On

August 13, 2014

Originally Published On

March 23, 2010

Related Content