What is a HIPAA Business Associate?
For the purposes of the HIPAA Security Rule, a HIPAA Business Associate is a person or entity that performs certain functions or activities for, or provides certain services to, a covered entity, where that work involves the use and/or disclosure of PHI. A HIPAA Business Associate is not a member of the workforce of the health care provider, health plan, or other covered entity. A health care provider, health plan, or other covered entity can also be a business associate to another covered entity.
Examples of HIPAA business associates include:
- A third party administrator that assists a health plan with claims processing
- A CPA firm whose accounting services to a health care provider involve access to protected health information
- An IT service provider who may view unencrypted protected health information
- An attorney whose legal services to a health plan involve access to protected health information
- A consultant that performs utilization reviews for a hospital
- A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer
- An independent medical transcriptionist that provides transcription services to a physician
- A pharmacy benefits manager that manages a health plan’s pharmacist network
For more information on HIPAA Business Associates and the full compliance of your health care organization, download our HIPAA Security Assessment Toolkit™.