HIPAA Help Center’s Business Associate module provides a place to keep track of business associates and view details pertaining to their relationships with the covered entity. The Privacy Officer and/or appointed designee can view the business associates demographic information, HIPAA compliance agreement status and the details around business associate access to ePHI. This module allows users to ensure the presence of adequate safeguards for the information you share with business associates.
Key features of the Business Associate module
The features in the Business Associate module aim to keep application users organized, make them aware of their business relationship statuses and help them ensure HIPAA compliance. These key features include:
- Auto-populated contract: Through a series of questions about the business associate, including the company name, description of services provided and type of access granted, HIPAA Help Center creates a professional contract covered entities can send directly through HIPAA Help Center.
- Filters: Application users can use the filters feature to create an organized view of business associates. For instance, covered entities can categorize business associates by location, agreement status (active, pending and terminated) and service type.
- Easy viewing: With a quick glance at the module, covered entities can view the name, location, electronic protected health information actions, accessibility and type of service, among other pertinent details, of their business associates.
Frequently asked questions regarding business associates:
What are some examples of business associates?
HIPAA considers business associates as individuals or parties outside the covered entity’s company involved in the handling of protected health information. This may include a pharmacy benefits manager, an attorney who needs to access PHI for legal purposes, an independent medical transcriptionist or a health care clearinghouse, according to the U.S. Department of Health and Human Services.
What components must these contracts include?
The purpose of creating contracts with business associates is to ensure the protection of PHI even when it is out of the hands of covered entities. HIPAA requires that these contracts include a description of the intended use of the PHI, acknowledgement that the business associate will not use PHI for reasons other than those listed and written details of the necessary safeguards for the documents.
What happens if a breach of information occurs with a business associate?
In the event of a breach of information, the covered entity is responsible for responding to the incident and must terminate the contract if those reactionary steps are unsuccessful.