Individuals, organizations, and agencies that meet the definition of a business associate under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information. If a business associate is engaged with a covered entity to help it carry out its health care activities and functions, the business associate must have a written business associate contract or other arrangement with the covered entity that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
What is a “Business Associate?”
A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity, as defined under 45 CFR 160.103.
Examples of business associates include:
Definitions Under 45 CFR 160.103:
(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a covered entity, a person who:
(i) On behalf of such covered entity or of an organized health care arrangement (as defined in this section) in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, creates, receives, maintains, or transmits protected health information for a function or activity regulated by this subchapter, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities listed at 42 CFR 3.20, billing, benefit management, practice management, and repricing; or
(ii) Provides, other than in the capacity of a member of the workforce of such covered entity, legal, actuarial, accounting, consulting, data aggregation (as defined in § 164.501 of this subchapter), management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates, where the provision of the service involves the disclosure of protected health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person.
VITECH is a HIPAA-compliant cybersecurity firm. We have met all the requirements for a Business Associate under HIPAA, and have spent countless hours studying the Privacy and Security Rules. We literally wrote the book on compliance.
We know what HHS requires for you to be compliant, and developed the only business solution available that addresses both the Privacy and the Security Rules. Our Full-Spectrum Compliance ℠ solution is engineered to take you from a state of non-compliance to full compliance within a very short period of time.
*IT Service Providers, we have a unique custom solution to help you become compliant at an accelerated pace. Give us a call and we’ll get you set up in no time.