What is it?
An agreement between your practice and your business associate that the business associate will appropriately safeguard the Protected Health Information (PHI) it receives or creates on behalf of your practice. The satisfactory assurances must be in writing, whether in the form of a contract or other agreement between your practice and the business associate.
Why do I need it?
It is mandatory for business associates under the HIPAA Privacy Rule.
When do I use it?
Before you disclose PHI to business associates. A Business Associate is a person or entity that creates, receives, maintains, or transmits PHI on behalf of, or in providing services to, a covered entity.
Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing.
Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.
Who is it for?
Anyone subject to HIPAA and/or state patient privacy laws.