Info graphic that says - HIPAA Business Associate Agreement - with handshake icon

The term Business Associate refers to a non-employee who creates, receives, maintains or transmits PHI or ePHI on behalf of a Covered Entity.  Some examples of Business Associates are:

-IT Service Providers

-Vendor Support (Practice Management, Imaging – anyone who needs to gain access to your network and/or database)

-Appointment Reminder Systems

-Collection Agencies

-Document Shredding Companies

and more.

It is important that Covered Entities (Dr.) assign responsibility to these companies or people with a Business Associate Agreement.  Many Business Associates have their own, however, beware of loopholes, such as the Business Associate not assuming financial responsiblity if they cause a breach.  They could be skirting their responsibility and making you financially responsible for their mistakes.