A HIPAA – Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) on the behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.

The Privacy Rule lists some of the functions, activities, and services that make a person or entity a business associate, if the activity or service involves the use or disclosure of protected health information (PHI) covered under HIPAA. The types of functions or activities that may make a person or entity a business associate include payment or health care operations activities, and other activities regulated by the Administrative Simplification Rules.
Examples of Business Associates:

A third party administrator that assists a health plan with claims processing.
A CPA firm whose accounting services to a health care provider involve access to protected health information.
An attorney whose legal services to a health plan involve access to protected health information.
A consultant that performs utilization reviews for a hospital.
A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
An independent medical transcriptionist that provides transcription services to a physician.
A pharmacy benefits manager that manages a health plan’s pharmacist network.

See also: HIPAA

 Print Friendly