What is a HIPAA Business Associate or Vendor?

Modified on Fri, 27 Jun at 11:55 AM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

What is the Definition of a HIPAA Business Associate?

A HIPAA business associate (sometimes referred to as a “HIPAA vendor”) is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity.  A member of the covered entity’s workforce is not a business associate. 


The definition of the term "business associate" also includes a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of a business associate.


Business associates create, transmit, receive, or maintain PHI on behalf of covered entities. Business associate subcontractors create, transmit, receive, or maintain PHI on behalf of business associates.



What are the Functions and Services Performed by a Business Associate?


Business associate functions and activities include: 


  • Claims processing or administration
  • Data analysis, processing or administration
  • Utilization review
  • Quality assurance
  • Billing 
  • Benefit management
  • Practice management
  • Repricing

Business associate services include: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. 

What are Some Examples of Business Associates?


Examples of Business Associates include (but are not limited to):

  1. Managed Service Providers (MSPs) that access or store a covered entity's electronic protected health information.

  2. A third party administrator that assists a health plan with claims processing. 

  3. A CPA firm whose accounting services to a health care provider involve access to protected health information. 

  4. An attorney whose legal services to a health plan involve access to protected health information. 

  5. A consultant that performs utilization reviews for a hospital. 

  6. A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer. 

  7. An independent medical transcriptionist that provides transcription services to a physician. 

  8. A pharmacy benefits manager that manages a health plan’s pharmacist network. 


If a business associate is performing these functions, activities, or services on behalf of another business associate (who, in turn, is performing these functions, activities, or services on behalf of a covered entity), the business associate performing the functions on behalf of the other business associate is a business associate subcontractor.
