covered entity

This post is intended for people like patient advocates that have medical knowledge, but who might be unfamiliar with the statutory and regulatory frameworks associated with the services they provide. The phrase “PHI” and “HIPAA” are probably mentioned on a regular basis, but what are they and what do they mean for people that are in fields adjacent to providing health care? How is the information handled after it has been created and connected to an individual (i.e., a patient)?