HIPAA laws are United States federal laws that govern access and sharing of patients' medical records.
Covered entities within HIPAA are individuals or organization who provides healthcare services to a patient, pays for healthcare services, or interfaces with patients' records. They include:
- Providers, like doctors and physician practices
- Facilities, like hospitals or laboratories
- Insurers and payers or any entity that involves payment for healthcare services
- Technology providers, like electronic records and transfer businesses
These covered entities must follow those laws, including providing patients with access to their medical records, or they will face fines for doing so.
Patients should be aware that there are many individuals and groups who handle their health information and medical records who are not considered to be covered entities. Here are some of them:
- life insurers
- workers compensation carriers,
- many schools and school districts,
- many state agencies like child protective service agencies,
- many law enforcement agencies,
- many municipal offices