“The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare providers, health insurers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Breach Notification Rules.
HIPAA also applies to vendors and other companies doing business with covered entities, which are classed as HIPAA Business Associates (BAs). If a BA is supplied with the Protected Health Information (PHI) of health plan members or patients, or their software or systems are capable of touching PHI/PII, those entities are also required to comply with HIPAA Rules.”
Author: HIPAA Journal