HIPAA applies to health plans, healthcare clearinghouses, and healthcare providers that electronically transmit health information in connection with standard transactions. 
 
Health plan generally includes any individual or group plan, private or governmental, that provides or pays for medical care. Employee health benefit plans are excluded if they are self-administered and have fewer than 50 participants. Government-funded programs are excluded if their principal purpose is something other than providing or paying for healthcare, or if their principal activity is the direct provision of healthcare or the making of grants to fund healthcare. 
 
Healthcare clearinghouse is a public or private entity that processes health information received from another entity, or converts transactions from non-standard into a standard format, or vice versa. The regulations distinguish between a clearinghouse dealing with information in its own right (in which case it is bound by all the requirements of the regulations), and in its capacity as a business associate of another covered entity (in which case some of the requirements do not apply, but it is bound by its business associate contract with the covered entity).  For example, the patient rights provisions would be enforced through the business associate contract, not directly. 
 
Healthcare provider is any person or organization who furnishes, bills, or paid for healthcare in the normal course of business.  However, healthcare providers are covered by the rules only if they transmit electronic health information in connection with a standard transaction. 
 
An entity that fits more than one definition must comply with the rules as they affect each of its functions, and may use or disclose information only as appropriate to the function for which the use or disclosure is made. 
 
All health plans, claims clearinghouses, and healthcare providers that choose to transmit any of the transactions in electronic form must comply within 24 months after the effective date of each final rule (small health plans have 36 months).