Are You A HIPAA Covered Entity?

Recently a furniture company discovered that it is a HIPAA covered entity after a breach and that breach put them on Health and Human Services “Wall of Shame”.

We have several customers who also learned this as a result of our security risk assessment.

In this case, an Asheboro, NC furniture maker had a breach which exposed information on current and former employees. That by itself would not make it a HIPAA breach and would not make them a HIPAA Covered Entity.

In this case, the company runs an employee benefits plan – health insurance run by the company rather than a third party health insurance provider like Humana or Cigna. A company will still be considered a HIPAA covered entity even if they hire a third party to help them run the employee benefits plan.

Recently Toyota wound up on HHS’s wall of shame because they had a breach and they run an employee benefits plan. It is not uncommon and it is not limited to Fortune 500 companies.

There are ways to mitigate the HIPAA compliance requirements if you are a Covered Entity – contact us for details. Ignoring the fact that you are a Covered Entity is not one of them. Source: Gov Info Security.