HIPAA is applicable to covered entities, business associates, and subcontractors who are storing, processing or transmitting PHI (Protected Health Information):
- Covered Entities are either healthcare plans (e.g., insurance carriers, corporate health plans, HMOs, etc.)
- Business Associates are any individuals, vendors organizations that come into contact with a healthcare organization's PHI. Business associates typically work with covered entities to perform services, store, transmit and/or process PHI.
- Subcontractors are the entities that Business Associates use to process, create or store PHI.