Am I A Healthcare Business Associate?
A healthcare Business Associate (BA) is a person or entity contracted to perform certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) to provide services for a Covered Entity (CE). CE’s are required to identify who their BA’s are and confirm there is a current Business Associate Agreement (BAA) in place. The BAA must limit the BA’s access to PHI to allow only what is necessary to carry out its activities for the CE.
These days most CEs and health plans do not carry out many of their health care activities and functions by themselves. Instead, they often use the services of a variety of other individuals or businesses. Health & Human Services (HHS) defines this type of service provider as a BA, as defined in 45 CFR 160.103.
Business Associates functions and activities may include:
Claims processing or administration; Data analysis, processing or administration; Utilization review; Quality assurance; Billing; Benefit management; Practice management; and re-pricing.
The type of BA services may include:
Legal; Actuarial; Accounting; Consulting; Data Aggregation; Management; Administrative; Accreditation; and Financial.
Examples of Business Associates
• A third party administrator that assists a health plan with claims processing.
• A CPA firm whose accounting services to a health care provider involves access to PHI.
• An attorney whose legal services to a health plan involve access to PHI.
• A consultant that performs utilization reviews for a hospital.
• A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
• An independent medical transcriptist that provides transcription services to a CE.
• A pharmacy benefits manager that manages a health plan’s pharmacist network.
Covered Entities and Business Associates need to understand patients are entrusting them with their most private and intimate details, they expect it to remain secure.
Besides, it is YOUR practice, YOUR patient’s, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
Don’t know where or how to start or update your HIPAA security compliance training? Let’s chat about your compliance program – schedule a call with HIPAA alli today!