The Role of Business Associates

Share This Post

Healthcare providers have a large responsibility and role. Because of this, they often need assistance from others to carry out specific healthcare tasks. So, providers can use business associates who provide their services to complete these tasks.

What Is a Business Associate?

A business associate is any person who assists a covered entity by doing specific functions or activities. These actions require the disclosure of protected health information. Some of these functions or activities can include data analysis processing, utilization review, and quality assurance. For example, business associates can include a consultant that reviews hospitals, a medical transcriptionist that assists in transcribing for a physician, and an attorney who uses protected health information to create health plans. 

Covered Entities

Covered entities can include a wide range of individuals. For instance, they can include healthcare providers, such as doctors, clinics and psychologists, health plans, or healthcare clearinghouse. These individuals must follow the rules and be responsible for protecting the privacy of health information. But, covered entities are only responsible for protection of information if they meet the stated definition of a covered entity. 

Privacy and Security Rule

Business associates and covered entities are liable under both the HIPAA Privacy Rule and HIPAA Security Rule. Under the HIPAA Privacy Rules, they can receive criminal penalties for disclosing prohibited information. Similarly, under the HIPAA Security Rule, they can also receive penalties for failure to safeguard protected health information. 

In addition, the Privacy Rule lists several functions, activites, or services that classify someone as a business associate. The Privacy Rule also includes exceptions in some situations in which a covered entity does not need a contract in order to disclose protected health information. Some situations include, disclosure of information by a covered entity to a healthcare provider if the information is used for treatment, disclosure of information to health plan sponsor, and when health plans collect protected health information to benefit the public. For instance, this would be medicare. 

Business Associate Contracts

A business associate contract is a written agreement between a covered entity and business associate. Above all, this contract must contain specific information including a description of the necessity for the use of protected health information, state that the business associate will only use the information for what is required, and state that if the business associate violates the contract, the covered entity has the responsibility to end the violation. Therefore, if the covered entity is not able to end the contract, they must report the issue to the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR).

Get Certified

American Medical Compliance (AMC) is a leader in the industry for compliance, Billing and HR solutions. We offer training on HIPAA Business Associates for providers. To become certified, please visit us at: www.americanmedicalcompliance.com.

 

References:

U.S. Department of Human Health Services. www.hhs.gov

More To Explore

Advancing Diabetes Management with CGM Training blog thumbnail
General

Advancing Diabetes Management with CGM Training 

Continuous Glucose Monitoring (CGM) technology is transforming the approach to diabetes care for healthcare providers, including endocrinologists, diabetes educators, and nurses, as well as for

Want to Improve your Bottom Line, Patient Satisfaction and Retention?

Reach out and See How We Can Help!

© 2024American Medical Compliance | All Rights Reserved