What are healthcare clearinghouses?

Featured image

Share this article

Medical Insurance Claim Form - paper with glasses, calculator, stethoscope and a pen on top

Organizations that must comply under HIPAA are called covered entities and include health plans, certain healthcare providers, and healthcare clearinghouses. HIPAA, the Health Insurance Portability and Accountability Act of 1996, protects the rights and privacy of patients.

Covered entities and their business associates must understand all aspects of HIPAA to effectively protect patients during care. Especially when safeguarding patients’ protected health information (PHI) with cybersecurity measures such as HIPAA compliant email.

This also means knowing who qualifies as a covered entity and who must comply with HIPAA at all times. Health plans and healthcare providers are uncomplicated, which is why today we will dig deeper into healthcare clearinghouses.

A HIPAA refresher

HIPAA is U.S. legislation created to improve health coverage standards and combat fraud and abuse related to PHI. The Office for Civil Rights (OCR) regulates and enforces the act, which consists of five sections (or titles). The most referenced is Title II, which sets policies and procedures for maintaining patient privacy, with the following rules:

  • Privacy Rule (2003): covers the protection of PHI as well as compliance standards
  • Security Rule (2005): sets required security standards to protect electronic PHI (ePHI)
  • Enforcement Rule (2006): sets the guidelines for enforcing HIPAA and penalizing organizations
  • HITECH Act (2009): promotes the adoption and meaningful use of technology in healthcare
  • Breach Notification Rule (2009): sets the procedures for reporting breaches
  • Omnibus Final Rule (2013): incorporates HITECH further by improving privacy protections

The U.S. Department of Health and Human Services (HHS) amends HIPAA as needed. At the same time, the government also looks to strengthen nationwide cybersecurity with further legislation.

Covered entities: health plans and healthcare providers

A covered entity is an individual, institution, or organization that must comply with HIPAA. There are three categories of covered entities: health plans, healthcare providers, and healthcare clearinghouses.

Health plans include health insurance companies, HMOs (health maintenance organizations), company health plans, and government-sponsored healthcare programs (e.g., Medicare). Healthcare providers are those that transmit electronic information in connection with a transaction for which HHS adopted a standard. These may include doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies. We’ll explore healthcare clearinghouses below.

The Privacy Rule applies only to covered entities while also permitting these organizations to share information under certain provisions. A business associate is a person or entity that performs certain functions or activities that involves PHI.

But before this occurs, covered entities must sign a business associate agreement with their business associates.

Covered entities: healthcare clearinghouses

An expanded definition from the National Institutes of Health states that a healthcare clearinghouse is:

A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value-added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.

In other words, healthcare clearinghouses act as third-party intermediaries between healthcare providers and health insurers (i.e., health plans). The most important feature of these organizations is that they must work directly with PHI. In fact, healthcare clearinghouses are classified as such because their sole role is PHI-related.

A similar organization whose primary role is unrelated to PHI is instead a business associate. This is because they instead perform a task on behalf of a covered entity.

Are you a covered entity?

Not sure if you qualify as a covered entity or as a business associate? HHS points to an interactive pdf flowchart from the Center for Medicare and Medicaid Services. The tool is based on the Administrative Simplification standards adopted under HIPAA.

Through a series of questions, individuals or organizations can figure out if they qualify as a covered entity. Anyone who is uncertain about which questions to answer should answer them all.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022