Episode 1: Know The Rules! Healthcare Business Associates


Healthcare Business Associates – Did You Know?

The HIPAA Privacy, Security, and Breach Notification Rules apply to both Covered Entities (CEs) and their Business Associates (BAs).

Healthcare providers and dentists, referred to as CEs, outsource many of their daily administrative activities to third parties and their subcontractors, referred to as BAs, to provide specific health and/or business services.

What Do BAs Do?

A Healthcare Business Associate can be a person or an organization, other than an employee of a CE, that performs certain functions on behalf of, or provides certain services to, a covered entity that involve access to PHI.

A BA can also be a subcontractor responsible for creating, receiving, maintaining, or transmitting Protected Health Information (PHI) on behalf of the CE (45 CFR 160.103).

Examples of BAs and the services they provide to CEs include:

  1. Consultants
  2. Managed Service Provider
  3. Management Administration
  4. Billing, Coding, Transcription
  5. Marketing companies
  6. Accreditation
  7. Utilization Review
  8. Information technology contractors
  9. Data Analysis
  10. Data storage or document destruction companies
  11. Data transmission companies or vendors who routinely access PHI
  12. Third Party Administrators (TPA)
  13. Lawyers
  14. Accountants
  15. Malpractice insurers

NOTE: A CE can be a BA of another CE.

Why Should You Care?

It is YOUR responsibility as the CE to put in place a Business Associate Agreement (BAA) that holds the third party to the same standards of Privacy and Confidentiality as yourself.

Covered Entities and Business Associates need to understand that your patients are entrusting YOU with their most private and intimate details, and they expect them to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
