But first, let’s define what exactly the HIPAA Rules qualify as a Business Associate (BA). According to guidance from the Department of Health and Human Services (HHS), a BA is:
“[A] person or entity, other than a member of the workforce of a covered entity who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A [BA] also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another [BA].”
Essentially, if an organization is hired to handle, use, distribute, or access protected health information (PHI), they likely qualify as a BA under HIPAA regulation.
The quick rule to remember with Business Associates: before you share PHI, you must have a BAA in place. A HIPAA Business Associate Agreement is the easiest way to protect your practice or organization in the event of a breach, which we’ll discuss in more detail below.
Compliancy Group’s web-based compliance solution, The Guard, comes equipped with everything you and your organization need to manage your HIPAA Business Associates.