Since 1996, the Health Insurance Portability and Accountability Act has developed into a broad, comprehensive law that protects patients from the misuse of their sensitive data and lays out clear guidelines for covered entities and business associates on how to comply with the law, as well as what to do in case a breach occurs.

HIPAA has had several enhancement periods since its enactment. Effectively, since April 2005 nearly all Covered Entities have been required by law to comply with HIPAA. In 2009, the HITECH rules were implemented, accelerating the adoption of Electronic Medical Records (EMRs) and introducing Meaningful Use incentives. HITECH gave Risk Assessments a more prominent role in many practices by adding a financial penalty for not complying with this aspect of HIPAA. In 2013, the Omnibus rules closed loopholes and tightened enforcement by making all Business Associates and their subcontractors equally liable for HIPAA compliance.


Covered Entities include any service provider using Protected Health Information (PHI) for Treatment, Payment, or Healthcare Operations (TPO) whether they create, receive, maintain, or transmit (CRMT) PHI.

Business Associates are entities that act as a support structure for covered entities.


Are you a business associate?

Business Associates include: Insurance brokers, Insurance Associates, Collection Agencies, Financial Services, Accountants, Lawyers, Billing Agencies, Payment Processors, Credentialing service providers, and other related healthcare support entities.