Business associate agreement

Business associates agreement

Learn more about the new B.A.A. statutes

Business Associate Agreement

The Business Associate Agreement and HIPAA/HITECH rules require your practice to sign a contract with business associates that ensures that they will protect any patient's PHI you provide to them in the same manner as you are required under the rule.

There are several HIPAA and HITECH requirements concerning business associate contracts. Attention should be paid to the use of contracts for business associates on the subject of Internet hosted or non-hosted practice management/EHR applications. This is important because of the HITECH Act’s requirements for the promotion of health information technology.

Who to contract with

Here are some basic rules for identifying business associates with whom you must contract:

  • Business associates are contracted, not employed. Employees are not business associates.
  • A business associate provides a service necessary to run the healthcare organization such as billing, collections, practice management consulting, etc. Bear in mind that research, fund raising activities and marketing are not considered core business operations functions.
  • The business associate is usually not "a covered entity" under HIPAA and works outside the patient's treatment relationship.
  • The business associate needs patient information in order perform their task.
  • The business associate usually keeps the patient PHI they are provided.

Click below if you are interested in our HIPAA Compliance Program and would like to download a sample of MedSafe's Business Assocate List.