A The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic h... More – Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) on the behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.
The Privacy Rule lists some of the functions, activities, and services that make a person or entity a business associate, if the activity or service involves the use or disclosure of protected health information (PHI) covered under HIPAA. The types of functions or activities that may make a person or entity a business associate include payment or health care operations activities, and other activities regulated by the Administrative Simplification Rules.
Examples of Business Associates:
A third party administrator that assists a health plan with claims processing.
A CPA firm whose accounting services to a health care provider involve access to protected health information.
An attorney whose legal services to a health plan involve access to protected health information.
A consultant that performs utilization reviews for a hospital.
A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
An independent medical transcriptionist that provides transcription services to a physician.
A pharmacy benefits manager that manages a health plan’s pharmacist network.
See also: HIPAA