Actually, a very good argument can be made that they are, since they process medical information, and, in fact, have a set of standard forms, and the Implementation Act has TSA process this info for DHS. That makes TSA, as odd as it may sound, a health info clearinghouse and, by virtue of that, a covered entity. Anyway, it will tie them up for months arguing about it. And isn't that the goal? If only one court somewhere in the US finds them to be a covered entity, they are.