American Academy of Professional Coders (AAPC) Practice Exam

Which entities are considered covered entities under HIPAA?

• A. Healthcare providers and pharmacies
• B. Health care providers and health plans
• C. Hospitals and research institutions
• D. Providers and technology vendors

The correct answer is: Health care providers and health plans

Covered entities under the Health Insurance Portability and Accountability Act (HIPAA) include specific types of organizations that handle protected health information (PHI). These entities must comply with HIPAA regulations to ensure the privacy and security of patient information. Healthcare providers who transmit any health information in electronic form in connection with a HIPAA transaction are considered covered entities. This includes various types of providers such as physicians, hospitals, and clinics. Additionally, health plans, which encompass health insurance policies and managed care organizations, are also classified as covered entities because they maintain and process health information. While healthcare providers and pharmacies might seem relevant, the key factor is that pharmacies operate primarily as providers rather than as separate entities, whereas health plans have a distinct role under HIPAA that solidifies their classification. Hospitals and research institutions, while they may handle PHI, do not fall under the definition of covered entities unless they also engage in the activities specified. Providers and technology vendors that do not directly handle PHI for transactions do not meet the criteria for covered entities under HIPAA. Therefore, the correct answer encompasses both the healthcare providers and health plans, reflecting the entities that are compelled to comply with HIPAA regulations for safeguarding PHI.