top of page

Covered Entity Responsibilities

Covered Entities are defined as:

  • A health plan.

  • A health care clearinghouse.

  • A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter. (Health Insurance Portability and Accountability Act of 1996).




Covered Entities have responsibilities to be compliant with all components of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The responsibilities include activities such as, but not limited to:



  • Caris can supplement your compliance staff or act as your compliance official on behalf of your organization.


  • Caris can develop a training program that can be used for your annual training or training to new employees.


  • Caris can conduct the Risk Analysis necessary to determine the effectiveness of your current controls, policies and procedures.


  • Caris can review or create the policies and procedures necessary to integrate the compliance requirements into your daily operations and practices.

  • Caris can review or modify your current Notice of Privacy Practices to include the necessary Omnibus Final rule material changes.

  • Caris can review your current Business Associate Agreements, modify or revise the agreements or manage your Business Associate relationships.

  • Caris can identify the satisfactory assurances you may choose to request of your Business Associates


  • Caris can document the compliance process, remediation and implementation plan needed for maintaining ongoing compliance.


  • Caris partners with reputable Technology firms to bring compliance and technology together to meet compliance responsibilities and objectives.


Personnel designations for a Privacy and Security Official

Safeguading Electronic Protected Health Information (e-PHI)

Training all workforce members and executives on policies and procedures

Create and implement policies and procedures

Conduct the annual Security Risk Assessment

Create, distribute and make available the organization's Notice of Privacy Practices

Obtain written satisfactory assurances (Business Associate Agreements)

Meet the documentation requirements for compliance activitites, policies and procedures

Regardless of the state of your compliance Caris can help.  Call us at (920) 639-6615

bottom of page