Covered entities — such as healthcare providers, health plans, and clearinghouses — play a critical role in safeguarding Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This chapter of your HIPAA Training Course outlines the key responsibilities covered entities must follow to remain compliant and protect patient privacy.
What Must Covered Entities Do?
To stay compliant with HIPAA and ensure sensitive health data is protected, covered entities must take the following actions:
Implement Safeguards
Covered entities must have appropriate safeguards in place to protect patient information.
For example: password-protecting electronic health records (EHRs) in clinics helps prevent unauthorized access to private health or financial details.
Limit Use and Disclosure of Information
Only the minimum necessary information should be shared or accessed — even when requests come from authorized individuals.
Example: If a family member asks about a specific medication, there’s no need to share the patient’s full medical history.
Train Employees
All employees should receive training on HIPAA rules and protocols to ensure they understand how to handle sensitive information properly and lawfully.
Control Access to Information
Access to PHI should be restricted to those who need it to do their jobs.
Staff who don’t interact directly with patients, for example, generally shouldn’t have access to full medical or financial records.
Get Written Permission Before Sharing Information
Covered entities must obtain written consent from the patient (or their legal representative) before disclosing their information to third parties.