What Is a “Business Associate”?
A "Business associate" is someone or an entity whose role in a health organization involves disseminating or using protected health information either as a service or on behalf of a covered entity. However, it is important to note that a covered entity member is not necessarily a business associate. In fact, a business associate can be a covered healthcare provider, healthcare clearing house, or health plan of another covered entity. There is a list on privacy rule that will mention all the functions and roles of a business associate including services involving handling of eHealth information. There are various factors that will determine if an entity or individual is a business associate and this will include the activities on healthcare operations, payments and any other activity under the jurisdiction of the Administrative Simplification Rules.
Some of the functions of a business associate are:
- Administration and processing of claims
- Analyzing data, administrations, reviews on utilization, billing processes, quality assurance, repricing as well as practice management,
Most services offered by business associates will be; actuarial, consulting, managerial, administrative, accounting services, accreditation, financial and data aggregation. Otherwise, the business associate definition can also be found at 45 CFR 160.103.
Types of HIPAA Business Associates:
- A third party administrator who assists a healthcare entity in the processing of claims
- An accounting firm whose involvement in a healthcare facility deals with handling of protected eHealth information.
- A legal representative whose services involve handling of protected eHealth information.
- An attorney whose legal services to a health plan involve
access to protected health information
- Consultants who carry out utilization reviews for a health entity.
- Healthcare clearing houses that assist in translating claims from non-standard formats to standard transactions on behalf of a healthcare entity and then forward processed transactions to payers.
- Independent medical transcriptions that provide transcription services to medical practitioners.
- Manager to pharmacy benefits who manages the network of the health plan’s pharmacist.
Business associates should ensure that they are Health Insurance Portability and Act (HIPAA) compliant in regards to the legal specifications laid out by the Federal stimulus Package or the Federal American Recovery Reinvestment Act (ARRA) and this should also include information technology and medical billing related to PHI. So far, as from February 17, 2010 all business associates should abide by HIPAA rules and regulations or else will be answerable to all criminal charges stipulated in the rule.
In the event a covered entity shares EPHI with a business associate both should get into a Business Associate agreement which would normally require the business associate to retain the confidentially of the information shared. However, a business associate is normally liable to penalties related to breach of the contract agreements but not sanctions placed by the federal government.
On the other hand, penalties included for breaking HIPAA rules on handling PHI will comprise of criminal liability and federal monetary fines. It is also important to note that the law also demands that the Department of Health and Human Services (DHHS) to conduct audits on Business Associates and Covered entities to ensure they are HIPAA Compliant. In other words, as a business associate you must understand the importance of being compliant.
According to the revisions done on HIPAA Law in 2009 in respect to business associates, were very stringent on penalties for violations under this law. Actually, the penalty fines can go as high as $1.5m per year and in some instances, it may also include serving a jail term for very serious offenses.
There are two different packages that we offer to business associates to assist them in being compliant.
Business Associate Compliance Tool (Less than 50 Employees)
Business Associate Compliance Tool (More than 50 Employees)
We also do offer HIPAA Certifications for products used by the healthcare sector and for business associates. Considering a number of covered entities normally ask or demand for HIPAA Compliance certifications or evidence related to that then know that our HIPAA certifications should help you achieve this.
For details on how to achieve the HIPAA compliance seal
for your company, services and products, feel free to contact us at
Bob@hipaatraining.net or call