There are two different sorts of organizations that carry the burden of HIPAA compliance: covered entities and business associates. Both seek to maintain compliance, but each is subject to separate requirements under the HIPAA standards, much like two people holding one umbrella, each with a different responsibility.
In this article we share guidance from netsec.news site experts regarding
What is a Business Associate?
Put simply, a business associate is a supplier or subcontractor with access to PHI (Protected Health Information).
In more formal legal terms, HIPAA defines a Business Associate as any organization that uses or discloses PHI on behalf of a Covered Entity. A Business Associate is also any individual who carries out, or assists in carrying out, a function or activity involving the use or disclosure of PHI on behalf of a Covered Entity.
How Do the HIPAA Rules Apply to Business Associates?
If you fall under the HIPAA definition of a business associate, what does that mean for your responsibilities under its regulations? Although the obligations of covered entities differ, the following is how each rule applies to business associates:
HIPAA Rules for Business Associates
The same responsibilities apply to business associates as to covered entities, including putting in place administrative, physical, and technical safeguards to preserve the confidentiality, integrity, and availability of PHI.
2. Breach Notification
Under the regulation, you must report a breach within 60 days of becoming aware of it, or of the date you had reason to know about it.
The notice must contain all the information the covered entity requires for its own breach reporting.
Business associates are required to abide by a BAA and a number of privacy provisions, including:
- using and disclosing PHI only to the minimum extent necessary to complete the task;
- assisting with investigations and reviews conducted by the U.S. Department of Health and Human Services (HHS);
- entering into subcontractor agreements and acting when a subcontractor materially breaches those agreements; and
- not taking any action that could be seen as retaliation against someone for filing a complaint, taking part in an inquiry, or objecting to an act or practice that violates HIPAA.
How are Business Associates Liable Under HIPAA?
BAAs support your HIPAA compliance and serve as evidence that you took reasonable precautions to protect data. This is significant because, after the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, business associates of covered entities became directly liable for complying with certain HIPAA regulations.
Since then, the Office for Civil Rights (OCR) has released guidance on appropriate HIPAA compliance procedures, safeguards, and records.