[ Monday, October 22, 2018 ]
I'm not sure whether this is a HIPAA issue
Jeff [11:17 AM]
: is Healthcare.gov, the website that facilitates the federally-run state insurance exchanges, a covered entity or business associate? It's not a plan or provider, and I don't think it's a clearinghouse because it's not involved in transmitting data in connection with transactions. As far as I can tell, it assists the plans (which are CEs) that sell insurance on the exchanges, so in theory, if it creates, receives, maintains, or transmits PHI in connection with that service, it's a BA. But does it enter into BAAs with those insurers, or is it somehow exempt because it's a governmental entity? HIPAA doesn't include any sort of governmental exemption (Medicare and Medicaid are clearly CEs), but did the ACA or its implementing regulations include any exemption?
Blogger: HIPAA Blog - Edit your Template