HIPAA applies to the entities below that store, process, or transmit Protected Health Information (PHI) and Electronic Protected Health Information (ePHI):
- Covered Entities are either healthcare plans (e.g., insurance carriers, corporate health plans, HMOs, etc.), healthcare clearinghouses, or healthcare providers.
- Business Associates are any individuals, vendors, or organizations that come into contact with a healthcare organization's PHI or ePHI. Business associates typically work with covered entities to perform services, storage, transmission and/or processing of PHI or ePHI.
- Subcontractors are entities that business associates use to process, transmit, or store PHI or ePHI.