Covered Entity
Compliance

Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
Related terms
HIPAA
Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.
BAA (Business Associate Agreement)
A legally binding contract between a HIPAA covered entity (like a healthcare provider) and a business associate (like a software vendor) that establishes permitted uses and disclosures of protected health information (PHI). A BAA is required before any vendor can handle PHI on behalf of a covered entity.
PHI (Protected Health Information)
Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.