The HIPAA Rules require only certain categories of people and organizations to comply. Those who fall outside these categories are not affected by the rules. However, the moment you work in the health care sector and carry out any form of electronic activity, that is, you use electronic services to enhance your services, you must comply with the HIPAA Rules. In this case, using electronic devices to discharge your responsibilities or to enhance the delivery of your services as a health care provider makes you a Covered Entity (CE). If you use electronic services to help a health care delivery center or professional, you are a Business Associate (BA), and you are also expected to comply with the HIPAA Rules. Therefore, those who must comply with the HIPAA Rules include medical doctors, nurses and nursing homes, clinics, pharmacies and pharmacists, and hospitals that carry out some of their standard administrative activities or financial transactions in electronic form.
The moment you bill electronically as a health care provider, you become a CE.
On the other hand, a Business Associate (BA) is any other individual or organization charged with any responsibility on behalf of a health care provider. It also includes any individual or organization that is not a staff member or member of your organization but has access to Protected Health Information (PHI).
Some of the responsibilities of a BA include data analysis, quality assurance, claims processing, utilization review, certain patient safety activities, and preparing and issuing bills. What makes an organization or a person a BA is its relationship with PHI. Once what you do for a health care provider involves accessing PHI, you automatically become a Business Associate (BA).