Business Associate Agreement


The Business Associate Agreement and HIPAA/HITECH rules require your practice to sign a contract with every business associate you have, ensuring that each will protect any patient PHI you provide to them in the same manner as you are required to under the rule.

There are several HIPAA and HITECH requirements concerning business associate contracts. Pay particular attention to contracts with business associates that cover Internet-hosted or non-hosted practice management/EHR applications. This is important because of the HITECH Act’s requirements for the promotion of health information technology.


Who to Contract with

Here are some basic rules for identifying who is a business associate:

  • Employees are not business associates. Business associates are contracted, not employed.
  • A business associate provides a service necessary to run the healthcare organization, such as billing, collections, practice management consulting, etc. Research, fund-raising activities and marketing are not considered core business operations functions.
  • The business associate is usually not “a covered entity” under HIPAA and works outside of the patient’s treatment relationship.
  • The business associate needs patient information in order to perform its task.
  • The business associate usually keeps the patient PHI with which it is provided.


“We were so impressed. An amazing job. The best training we’ve ever had. Your compliance consultant was interesting, quick and on-the-ball. We actually learned something!”

~ Betsy Ott, Administrative Assistant, Goldstein Rosenberg’s Raphael-Sacks Funeral Home, Philadelphia, Pa