Healthcare Business Associate


Am I A Healthcare Business Associate?

A healthcare Business Associate (BA) is a person or entity contracted to perform certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) to provide services for a Covered Entity (CE). CEs are required to identify who their BAs are and confirm there is a current Business Associate Agreement (BAA) in place. The BAA must limit the BA’s access to PHI to allow only what is necessary to carry out its activities for the CE.

These days most CEs and health plans do not carry out many of their health care activities and functions by themselves. Instead, they often use the services of a variety of other individuals or businesses. Health & Human Services (HHS) defines this type of service provider as a BA in 45 CFR 160.103.

Business Associate functions and activities may include:

Claims processing or administration; Data analysis, processing or administration; Utilization review; Quality assurance; Billing; Benefit management; Practice management; and re-pricing.

The type of BA services may include:

Legal; Actuarial; Accounting; Consulting; Data Aggregation; Management; Administrative; Accreditation; and Financial.

Examples of Business Associates

• A third party administrator that assists a health plan with claims processing.

• A CPA firm whose accounting services to a health care provider involve access to PHI.

• An attorney whose legal services to a health plan involve access to PHI.

• A consultant that performs utilization reviews for a hospital.

• A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.

• An independent medical transcriptionist that provides transcription services to a CE.

• A pharmacy benefits manager that manages a health plan’s pharmacist network.

Covered Entities and Business Associates need to understand that patients are entrusting them with their most private and intimate details, and they expect that information to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?




