What is a Business Associate?

BA (Business Associate) Information

As you know, HIPAA is an ever-present concern in medical practices.  Most practices don’t know that they must have a ‘Business Associate Agreement’ properly signed by any business partner who has access to the personal medical information of their patients.

Business Associates include, but are not limited to:

Accountant Attorney
Outside Billing Service Bookkeeper
Computer Services (IT) Transcriptionist
Consultant  Data Shredding Service

compliance-hhs-nistMost Business Associates, especially non-medical businesses, completely overlook the HIPAA rules.  This is a dangerous mistake, as they do in fact fall under the HIPAA-compliance umbrella.  The Department of Health & Human Services defines these associated businesses as follows,

Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.”

Any Business Partner (Business Associate) who has access to view, create, edit, or transmit any patient’s individually identifiable information qualifies for a Business Associate Agreement.  This applies of course to medical details, but also to general personal information such as name, address, telephone number, and email address.

The HIPAA Rule reads, in part:

(g) Business Associate recognizes that, as of February 18, 2010, the administrative, physical, and technical standards and implementation specifications of the HIPAA security rule (45 CFR § 164.308, § 164.310, § 164.312, and § 164.316) apply to the Business Associate in the same manner that it applies to a Covered Entity.

(h) Business Associate recognizes that, as of February 18, 2010, civil and criminal penalties for violation of the HIPAA security rule shall apply to a BA in the same manner as they apply to a Covered Entity.

To help you protect both your business and ours please accept our availability to answer any questions you may have about the HIPAA rules.

Read more at the HHS.gov website: http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html