Covered Entity / Business Associate

Definition

Terms used in the US HIPAA framework. Covered entities are healthcare providers, health plans, and healthcare clearinghouses. Business Associates are contractors that handle protected health information on their behalf. Both carry breach notification obligations under the HIPAA Breach Notification Rule (45 CFR Parts 160 and 164).

Related terms

Data fiduciary
The term used in India's Digital Personal Data Protection Act 2023 for an entity that determines the purpose and means of processing...
Notification trigger
The threshold condition that activates a legal notification obligation. Under GDPR the trigger is any personal data breach that poses a risk...
Personal data breach
Under GDPR, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal...
Safe harbour (encryption)
A provision in many breach notification frameworks that exempts organisations from individual notification obligations if the breached data was encrypted and the...
Supervisory authority
The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office...

Explained in

  • Breach Notification Laws and Obligations
