Healthcare Business Associates – Did You Know?
The HIPAA Privacy, Security, and Breach Notification Rules apply to both Covered Entities (CEs) and their Business Associates (BAs).
Healthcare providers and dentists, referred to as CEs, outsource many of their daily administrative activities to third parties and their subcontractors, referred to as BAs, to provide specific health and/or business services.
What Do BAs Do?
A healthcare Business Associate can be a person or an organization, other than an employee of a CE, that performs certain functions on behalf of, or provides certain services to, a covered entity that involve access to PHI.
A BA can also be a subcontractor responsible for creating, receiving, maintaining, or transmitting Protected Health Information (PHI) on behalf of the CE (45 CFR 160.103).
Examples of BAs and the services they provide to CEs include:
- Consultants
- Managed Service Providers
- Management Administration
- Billing, Coding, Transcription
- Marketing companies
- Accreditation
- Utilization Review
- Information technology contractors
- Data Analysis
- Data storage or document destruction companies
- Data transmission companies or vendors who routinely access PHI
- Third Party Administrators (TPA)
- Lawyers
- Accountants
- Malpractice insurers
NOTE: A CE can be a BA of another CE.
Why Should You Care?
It is YOUR responsibility as the CE to put in place a Business Associate Agreement (BAA) that holds the third party to the same standards of Privacy and Confidentiality as yourself.
Covered Entities and Business Associates need to understand that your patients are entrusting YOU with their most private and intimate details, and they expect those details to remain secure.
Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
For tips like this and more, request your copy of our “HIPAA Security Rule – Know The Rules!” newsletter today.