Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports
Videos

Follow us

Linkedin iconFacebook icontwitter iconinstagram icon

What is a HIPAA-covered entity?

A HIPAA-covered entity is an individual, organization, or agency to which the HIPAA Rules apply; covered entities include health care providers, health plans, and health care clearinghouses. 


Health care providers include those providers who electronically submit HIPAA transactions like claims. Providers include but are not limited to: 

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing homes
  • Pharmacies 


For HIPAA purposes, health plans include:

  • Health insurance companies
  • HMOs or health maintenance organizations
  • Employer-sponsored health plans
  • Government programs that pay for health care, like Medicare, Medicaid, and military and veterans’ health programs


Health care clearinghouses are public or private entities that process or facilitate the processing of nonstandard health information into standard data elements on behalf of other organizations.


HIPAA Rules apply to covered entities as well as business associates. If a covered entity engages a business associate to help carry out health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes what the business associate has been engaged to do, and requires the business associate to comply with HIPAA.

Related Terms

Additional resources you might like:

GRC
Blog
Understanding inherent risk vs residual risk—and why the gap matters

Learn about inherent and residual risk beyond definitions and see how they influence decisions.

Compliance
Events
Agentic compliance in action with Vanta and Claude

Register to learn how Vanta's MCP Server brings your compliance program directly into Claude.

GRC
Blog
How to write a risk appetite statement in 5 steps

A risk appetite statement isn’t useful unless it drives decisions. Learn how to create one with clear thresholds that help align action with your risk appetite.

Additional resources you might like:

GRC
Blog
Understanding inherent risk vs residual risk—and why the gap matters

Learn about inherent and residual risk beyond definitions and see how they influence decisions.

Compliance
Events
Agentic compliance in action with Vanta and Claude

Register to learn how Vanta's MCP Server brings your compliance program directly into Claude.

GRC
Blog
How to write a risk appetite statement in 5 steps

A risk appetite statement isn’t useful unless it drives decisions. Learn how to create one with clear thresholds that help align action with your risk appetite.

GRC
Blog
Risk appetite and risk tolerance: What’s the difference?

Learn what risk appetite and risk tolerance mean, how they differ and formalize them at scale.

Comparisons and reviews
Video
Why enterprise leaders choose Vanta over Drata to prove and manage trust

Learn how Vanta is uniquely equipped to meet the needs of large, complex organizations.

Compliance
Blog
The 9 compliance risks hiding in your organization (and how to fix them)

Learn what compliance risk is and what its most common types are. Find out how to assess and manage your compliance risk and best practices to follow.

Comparisons and reviews
Blog
The best TPRM software for 2026

Discover the best third-party risk management software solutions for 2026.

Comparisons and reviews
Blog
Top 5 OneTrust alternatives

Check out top OneTrust alternatives for compliance and risk management.

Comparisons and reviews
Blog
Top 4 Secureframe alternatives

Explore features, limitations, and scalable compliance solutions.

Get compliant and build trust—fast

Request a demo
G2 Badge Winter 2026 LeaderG2 Badge Winter 2026 Enterprise LeaderG2 Badge Milestone 'Users Love Us'