What is a Business Associate?

by KirkpatrickPrice / June 29th, 2013

HIPAA Business Associates

Under HIPAA, a business associate includes the following: health information organizations, e-prescribing gateways, personal health record vendors, and entities that provide data transmission services for PHI and require routine access to such PHI. Business associates are required to be compliant with the HIPAA/HITECH Rule and are faced with many of the same compliance requirements as their covered entities. This means that business associates will be held responsible for their own compliance by establishing appropriate physical, administrative, and technical safeguards to protect PHI.

Preparing for HIPAA Compliance

The healthcare industry must take the appropriate measures to ensure HIPAA compliance because the integrity of the industry relies on keeping Protected Health Information (PHI) secure. If a business associate is unable to comply with HIPAA, it could mean more than just organizational, financial, and reputational implications for their organization—it could be life-threatening to patients. As the number of healthcare security breaches reported to the HHS continues to grow, it’s more important than ever for business associates to make sure that they are doing their due diligence to keep PHI protected. So, what’s the first step that business associates can take to ensure that PHI is protected? Business associates should delegate personnel to oversee compliance efforts.

You need to have a person responsible for making sure that your organization is establishing and implementing physical, administrative, and technical safeguards to protect PHI. This person should also be responsible for ensuring that you have formally written policies and procedures. Think of it this way: if a client scheduled an onsite visit, could you produce adequate evidence to show how you are following your procedures? Protection from data breaches should be the top priority within your organization, and it can begin by setting a tone from the top and delegating a person to oversee compliance efforts.