Anyone who offers healthcare treatment, payments, or operations is considered a covered entity.

Entities that are covered include:

  • A doctor’s office, a dentist’s office, a clinic, a psychologist’s office, etc.
  • Nursing homes, pharmacies, hospitals, and home health agencies are all options.
  • HMOs, health care plans, and insurance firms
  • Government-funded health-care initiatives
  • Clearinghouses for health care

Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all considered Covered Entities by the US Department of Health and Human Services (HHS).

Hospitals, physicians, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are all considered Healthcare Providers and must comply with HIPAA.

Health insurance companies, HMOs, workplace health plans, Medicare, and Medicaid are all examples of health plans. Furthermore, organizations and schools that handle PHI in order to enroll their employees and students in health plans are considered health plans and must comply with HIPAA.

Health Care Clearinghouses receive data from a healthcare organization, convert it to a standard format, and then send it to another healthcare organization. They must comply with HIPAA too.

Who is responsible for adhering to HIPAA privacy regulations?

The HIPAA Privacy Rule only applies to Covered Entities by law.

However, most Covered Entities do not perform all of their health-care operations and duties on their own. Rather, they frequently enlist the help of a range of different groups.

In short,  HIPAA compliance standards apply to both Covered Entities and the Business Associates that support them.

If an organization does not match this criterion, it is exempt from HIPAA regulations.

What is a Business Associate?

A Business Associate is a person or company that performs services or operations for a Covered Entity that are governed by the HIPAA Administrative Simplification Rules and include the use or disclosure of protected health information.

Learn more: Business Associate – What is it, Roles & Responsibilities and more

What is a Business Associate Agreement?

A written contract between a Covered Entity and a Business Associate is known as a Business Associate Agreement. HIPAA compliance necessitates it. A Business Associate Agreement must have at least ten terms (BAA).

A Business Associate Agreement is needed by law if you are a covered entity handling protected health information to a third party.

How Covered Entities can maintain HIPAA compliance with Canary Mail.

Canary gives healthcare professionals and covered entities confidence in their HIPAA compliance with the best Encryption tools.

Canary offers two distinct methods of email encryption to secure email. The first is an auto method, where the email encryption is handled automatically – users do not need to worry about the key exchange needed to secure mail. Alternatively, advanced PGP users can choose to manage keys manually and use their existing PGP keys generated via tools such as GPGTools, Symantec Email Encryption, Posteo, etc.

Canary is special – it’s an app, not a provider. This means that Canary lets you send encrypted emails via your favorite email provider, including Gmail, Yahoo, Office 365, iCloud, or any other IMAP account. You can even send PGP encrypted emails from your iPhone, iPad, or Mac, to any other PGP user, who may or may not be using Canary. With end-to-end encryption, your provider is no longer relevant – the emails won’t be readable on your provider’s web interface. This means that even if an intruder gets access to your Gmail account, all they’ll see is garbled text.

The best part? You no longer have to compromise on design, features, or performance to avail cutting-edge email encryption. We’ve designed Canary to help you effortlessly deal with today’s email volumes, via your favorite email provider (IMAP), and to do so securely.