A "business associate" is an individual or entity whose role in a health organization involves disseminating or using protected health information, either as a service or on behalf of a covered entity. However, it is important to note that a member of a covered entity is not necessarily a business associate. In fact, a business associate can be a covered healthcare provider, healthcare clearinghouse, or health plan of another covered entity. The Privacy Rule lists the functions and roles of a business associate, including services that involve handling eHealth information. Several factors determine whether an entity or individual is a business associate, including healthcare operations activities, payment activities, and any other activity under the jurisdiction of the Administrative Simplification Rules.
Some of the functions of a business associate are:
Most services offered by business associates are actuarial, consulting, managerial, administrative, accounting, accreditation, financial, and data aggregation services. The business associate definition can also be found at 45 CFR 160.103.
Business associates should ensure that they are Health Insurance Portability and Accountability Act (HIPAA) compliant with regard to the legal specifications laid out by the federal stimulus package, or the American Recovery and Reinvestment Act (ARRA), and this should also include information technology and medical billing related to PHI. As of February 17, 2010, all business associates should abide by HIPAA rules and regulations or else be answerable to all criminal charges stipulated in the rule.
When a covered entity shares EPHI with a business associate, both should enter into a Business Associate agreement, which would normally require the business associate to maintain the confidentiality of the information shared. However, a business associate is normally liable to penalties for breach of the contract agreement, but not to sanctions imposed by the federal government.
On the other hand, penalties for breaking HIPAA rules on handling PHI comprise criminal liability and federal monetary fines. It is also important to note that the law requires the Department of Health and Human Services (DHHS) to conduct audits of business associates and covered entities to ensure they are HIPAA compliant. In other words, as a business associate, you must understand the importance of being compliant.
The revisions made to HIPAA law in 2009 with respect to business associates were very stringent on penalties for violations of this law. The fines can go as high as $1.5m per year, and in some instances the penalty may also include serving a jail term for very serious offenses.
There are two different packages that we offer to business associates to assist them in being compliant.
We also offer HIPAA certifications for products used by the healthcare sector and for business associates. A number of covered entities normally ask for or demand HIPAA compliance certifications or related evidence, and our HIPAA certifications should help you provide this.
For details on how to achieve the HIPAA compliance seal for your company, services and products, feel free to contact us at Bob@hipaatraining.net or call (515) 865-4591.
Duration: 4 days Classroom Training OR 24 hours. Audience: HIPAA privacy officer, compliance officer and consultants. More on CHPSE
Duration: 2 days Classroom Training OR 16 hours. Audience: IT Staff, Software Developers, Network Engineers etc. More on CHSE
Duration: 2 days Classroom Training OR 14 hours. Audience: HR Staff, HIPAA Privacy Compliance Team, HR Manager, Privacy Attorney, Head Nurse etc. More on CHPE
Duration: 2 hours. Audience: Any employee of a Covered Entity, Interns, Insurance Agent, Medical Device Sales Rep etc. More on Overview Training
Templates for Security & Privacy Policies, Risk Analysis, Contingency Plan, Audit and much more. View Compliance Products