What is a HIPAA-covered entity?
A HIPAA-covered entity is an individual, organization, or agency to which the HIPAA Rules apply; covered entities include health care providers, health plans, and health care clearinghouses.
Health care providers include those providers who electronically submit HIPAA transactions like claims. Providers include but are not limited to:
- Doctors
- Clinics
- Psychologists
- Dentists
- Chiropractors
- Nursing homes
- Pharmacies
For HIPAA purposes, health plans include:
- Health insurance companies
- HMOs or health maintenance organizations
- Employer-sponsored health plans
- Government programs that pay for health care, like Medicare, Medicaid, and military and veterans’ health programs
Health care clearinghouses are public or private entities that process or facilitate the processing of nonstandard health information into standard data elements on behalf of other organizations.
HIPAA Rules apply to covered entities as well as business associates. If a covered entity engages a business associate to help carry out health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes what the business associate has been engaged to do, and requires the business associate to comply with HIPAA.
Additional resources you might like:

Coffee and Compliance: Building Trust to Drive Business Growth
Join our live webinar on May 23 at 12 PM where VP of Product Chase Lee, and Staff Product Manager Sanjay Padval as they demonstrate a brief overview and provide guidance on advancing your security program beyond building or improving. Learn how to enhance customer satisfaction and gain a competitive advantage, accelerating your business growth.

Café et compliance : les clés pour booster sa croissance en tant que startup
Pour vendre à des entreprises, les startups doivent garantir la protection des données de leurs clients en prouvant qu’elles ont mis en place les bonnes pratiques de sécurité. Pour cela, elles peuvent obtenir une certification comme la norme ISO 27001. Ce webinar explique les différents contrôles de sécurité à effectuer, les avantages de la certification et comment automatiser jusqu'à 90% du processus avec Vanta. Sébastien, CTO et co-fondateur de Leeway reviendra sur son expérience avec Vanta, et les participants pourront échanger avec notre responsable commerciale en France et notre expert en certification.

Introducing Vanta Workspaces
We’re thrilled to announce Vanta Workspaces, a new capability in our platform that enables complex organizations with multiple business units to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account.