Skip to main content

I Want to See


Who Must Comply with HIPAA-AS Regulations?

Who Must Comply with HIPAA-AS Regulations?

Entities that must comply with HIPAA Administrative Simplification (HIPAA-AS) regulations are referred to as "covered entities". The following covered entities must comply:

  • Health plans, including insurers and group health plans
  • Health care providers
  • Health care clearinghouses

In addition, all business associates or business partners of those entities listed above will have an indirect obligation under HIPAA-AS. A business associate is an individual or an entity that provides services or assists the covered entity in activities related to treatment, payment or health care operation. Contracts between covered entities and business associates must have provisions addressing restrictions on the business associate's use and disclosure of health information.

Since the enactment of HIPAA-AS, BlueCross BlueShield of Tennessee has been actively studying the impact of administrative simplification regulations on our business, and making the necessary changes to achieve compliance