Under HIPAA, who is considered a covered entity?

A covered entity under HIPAA includes health care providers who conduct certain transactions electronically, such as submitting claims for reimbursement or receiving payments electronically. This definition also extends to health plans and health care clearinghouses. These entities are bound by HIPAA privacy and security regulations because they handle protected health information (PHI) in the course of their operations.

Those who merely have access to patient records without engaging in transactions as defined under HIPAA do not qualify as covered entities. Similarly, students enrolled in health care programs or individuals working in a school setting are generally not classified as covered entities unless they are involved in direct healthcare services and engage in electronic transactions of PHI. Thus, option B accurately identifies who is considered a covered entity under HIPAA.