On of the terms mentioned in the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO, is ‘Covered Entity’. The definitions for different terms appear in Subtitle D—Privacy, Section 13400 in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards.
Here we reproduce the definition of ‘COVERED ENTITY’ as per the act. The term ‘covered entity’ has the meaning given such term in section 160.103 of title 45, Code of Federal Regulations.
(1) A health plan.
(2) A health care clearinghouse.
(3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter [e.g., HIPAA Administrative Simplification transaction standards].