|
|
| History > Business Associates |
|
According to current HIPAA regulations, the definition of a "business associate" is any entity that uses or discloses protected health information (PHI) on behalf of a covered entity (e.g. group health plan, hospital, etc.).
Furthermore, it is any person who, on behalf of a covered entity, performs (or assists in the performance of) a function or activity involving the use or disclosure of PHI. [45 CFR § 160.103.] Download this easy flow chart to determine if you or your organization is a Business Associate. |
|
Examples of functions or activities that involve the use of disclosed PHI given in the HIPAA regulations include:
|
Claims Processing / Admin |
Benefit Management |
|
Data Analysis |
Practice Management |
|
Utilization Review |
Re-Pricing |
|
Quality Assurance |
Billing |
[45 CFR § 160.103.]
In addition, HIPAA regulations specifically identify the following services which, if they involve PHI and if they are performed by a non-workforce member, will make that person or entity a business associate:
|
Legal |
Actuarial |
|
Accounting |
Consulting |
|
Data aggregation |
Management |
|
Administrative |
Accreditation |
|
Financial |
|
[45 CFR § 160.103.]
(Go to Next Page)
|
|
|
 |
|
| QUICK HIPAA FACTS |
In a recent BridgeFront study, more than 95% of compliance professionals said they train their staff annually.
There are three main requirements for HIPAA compliance:
Annual staff educationInternal policies and proceduresA Business Associate agreement
Learn more about our HIPAA online education and services. More >>> |
|
 |
 |
|
