HIPAA is a complex healthcare privacy law that applies to many global technology companies which serve the U.S. healthcare industry. We are pleased to provide plain English definitions of the following key HIPAA terms.
- COVERED ENTITY. The term “Covered Entity” includes a broad range of health care professionals, hospitals, and health care plans.
- PHI. The term “PHI” refers generally to information relating to a person’s physical or mental health or treatment, which identifies, or can be used to identify, such person.
- BUSINESS ASSOCIATE. The term “Business Associate” includes most technology vendors that create, receive, maintain, or transmit PHI on behalf of Covered Entities, or from other vendors.
- BUSINESS ASSOCIATE CONTRACTS. A “Business Associate Contract” must be signed by Business Associates with (i) Covered Entities; and (ii) Business Associate vendors that handle PHI. Such contracts mandate HIPAA compliance, including breach reporting to the Covered Entity or Business Associate, in accordance with HIPAA reporting deadlines. Importantly, even without a Business Associate Contract, individuals and businesses that meet the definition of a Business Associate are required to comply with HIPAA.
SLG has leveraged its extensive knowledge in the technology industry to support our clients’ compliance needs under HIPAA. For more information, please see our HIPAA For Tech Companies page.
 HIPAA is The Health Insurance Portability and Accountability Act of 1996, a U.S. healthcare privacy law, which has been implemented through various federal rules by the US Department of Health and Human Services (HHS) (the “HIPAA Rules”).
 The HIPAA Rules contain complex and detailed definitions, which we summarize in plain English to facilitate a general understanding of key terms. These definitions are meant to help the reader and are necessarily incomplete. For the full definitions, please refer to 45 CFR § 160.103.