An organization that satisfies a two-part test under the Privacy Rule is considered as covered-entity. First of all, the organization must be one of the subsequent categories:

A health plan;
A health care clearinghouse; or
A health care provider that engages in certain electronic transactions involving Protected Health Information (PHI).
Let’s take a closer look at the three types of covered entities more closely to determine whether dispatch centers may fall under the Privacy Rule.

Health plans include insurers, HMOs, and other entities or groups that pay for health care. This includes self-funded group health plans, which may be the case with many municipal agencies. Once an organization becomes a covered entity, the entire organization is covered, including its dispatch operation. However, a covered entity can declare itself a “hybrid entity” when it performs both “covered” functions and “non-covered” functions under HIPAA.

HIPAA Ready
HIPAA Ready
HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Contact Us

Health care clearinghouses are public or private entities that convert certain health care transactions into HIPAA-approved standard formats. For example, third-party billing agencies. Most dispatch centers are less likely to fall under the definition of a health care clearinghouse.

Health care providers are any medical or health service provider or any person or entity that furnishes or provides health care to patients. An argument can be made that EMS and any dispatch agency that provides EMS services are health care providers. However, in order to fall under the “health care provider” definition of a “covered entity” under the Privacy Rule, those organizations must engage in certain types of electronic transactions.

Under this “electronic transactions” part of the definition, an organization must transmit health information electronically in its performance of a “covered transaction.” Electronic billing for health care services is one example of a covered transaction. Other types of “covered transactions” include enrollment and disenrollment in health plans, coordinating benefits, making health plan premium payments, and certain other types of administrative or financial transactions.

Most dispatch entities cannot be considered as a health provider by the virtue of their operations alone because they do not engage in any of the administrative or financial transactions mentioned above. Some dispatch entities, however, are very likely to satisfy the “covered entity test” when they are part of ambulance services, hospitals, or other health providers. This means that every manager and every employee of any emergency services dispatch operation are likely to be considered part of a larger covered entity and should be concerned about HIPAA!

To simplify your compliance efforts, check out our HIPAA compliance software, HIPAA Ready!