HIPAA - Business Associate
Who is a business Associate ?
A "business associate" is a person or entity who executes certain functions or activities which involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity's. In clear terms. Business Associate is an individual or entity, not acting as an employee, who Creates, receives, maintains, or transmits protected health information for a function or activity regulated by HIPAA on behalf of a covered entity (CE) or another BA. He can Provide legal, actuarial, accounting, consulting, data aggregation (as defined in B' 164.501 of this subchapter), management, administrative, accreditation, or financial services and needs PHI to do it.
The common activities which is done by business associate are : claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.
Examples of business associates:
- Third party administrators assisting health plan to process claims.
- A CPA firm having access to PHI as doing accounting/ Billing service for a healthcare provider.
- An attorney whose legal services to a health plan involve access to protected health information.
- A consultant performing utilization reviews for a hospital.
- A vendor who is doing Shredding service for a hospital
- Systems vendors who access PHI
- A health care clearinghouse whose job is to translate a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
- An independent medical transcriptionist providing transcription services to a physician.
- A pharmacy benefits manager that manages a health planb's pharmacist network
Who is not a Business Associate
- Does not include those who never need to touch PHI:
- Tradesmen (plumber, etc.)
- Housekeeping, etc.
- Does Not Include:
- Workforce or Conduits (USPS, FedEx, etc.)
- Another provider, for treatment purposes
- A health plan sponsor, re treatment of the individual
- A government agency, re government health plans (such as Medicare)
- Covered Entities in an Organized Health Care Arrangement (OHCA)
Importance of Business Associate ?
- Essential for operation of the healthcare business
- Play an increasing role in the management of PHI
- Responsible for some of the biggest breaches of PHI
- Now directly under HIPAA rules
- May play a role in a Hybrid entity, in an ACE, or in an OCHA (oh, so many acronymsb&)
Popular Trainings
HIPAA Security and Privacy Rules and analyze the consequences of being a business associate.
Requirements of the Omnibus Final Rule regarding Business Associate Agreements (BAAb's) including what it was, what it is now, and what it might be in the future.
Modifications made to the Final Omnibus Rule and the impact of these changes on agreements between covered entities and business associates.
Significant changes to the HIPAA rules for business associates, the new challenges for HIPAA covered entities and business associates, and new risks for non-compliance and penalties.
Eliminate your confusion around conducting an effective security risk analysis to fulfill the core requirements of the HIPAA Omnibus Final Rule for covered entities and business associates.
Understand the risks associated with handling Protected Health Information (PHI) and show how to implement the steps required to mitigate the risks to secure PHI and comply with new HIPAA/HITECH omnibus rule.
