Friday, 12 January 2018 09:00

Just Who Is a Business Associate?

A Business Associate is a person or organization, other than an employee of a covered entity, who performs functions or provides services related to creating, receiving, maintaining, or transmitting Protected Health Information (PHI) on behalf of your organization.

Remember! With all of your business associates, you need an agreement that legally binds you (the HIPAA covered entity) and the business associate, with very clear terms for managing and protecting the health information that originates from you.

A written contract with your Business Associate must:

  • Detail the uses and disclosures of PHI the Business Associate may make

  • Require that the Business Associate safeguard PHI

In other words, if any person or vendor has potential access to private health information, you need to hold them to the same high standards to which you are held.

Last modified on Friday, 12 January 2018 09:06


