Who must comply with HIPAA?
All healthcare providers, health plans, payers, clearinghouses, and other entities that process health data must comply.
Any healthcare provider that electronically sends one of the transactions covered in the Final Rules (Claims, remittances, claim status inquiries,
eligibility, certification) is covered by HIPAA. Any organization that electronically stores or transmits individually identified healthcare information must comply with the Security regulation. So, if the organization does any of the above (file a claim electronically or electronically store any healthcare info that can be tracked back to an individual) they must comply with the appropriate HIPAA regulation.
Since the regulations frequently refer to "electronic" communication, what media falls into that category?
HIPAA applies to all communication that is stored or transmitted electronically, or that has been stored or transmitted electronically in the past. Media includes, but is not limited to, computer databases, tapes, disks, telecommunications, fax, Internet, networks.