HIPAA Covered Entity Determination Guide
A decision-tree guide that walks practice administrators through 45 CFR § 160.103 to determine covered entity status.
Short answer
A decision-tree determination guide covering the three covered entity categories, the electronic transaction trigger, and edge cases.
What is inside
- The three covered entity categories under § 160.103
- The electronic-transaction trigger that pulls providers into HIPAA
- Side-by-side examples of covered and non-covered practices
- Hybrid entity considerations for mixed-purpose organizations
- Business associate vs covered entity distinction
- Action steps once you confirm covered status
We publish the same practical templates and decision tools that clinics use to structure recurring HIPAA work. No enterprise gate. No resource-library gimmicks. Just practical material delivered quickly.
Editorial details
Written by: Angel Campa
Reviewed by: PHIGuard Compliance Research
Updated: April 28, 2026
Best next step: Open the matching product path
Sources
- 45 CFR § 160.103 — Definitions | Electronic Code of Federal Regulations
- Covered Entities and Business Associates | U.S. Department of Health and Human Services
- 45 CFR Part 162 — Administrative Requirements | Electronic Code of Federal Regulations