What is a HIPAA Business Associate or Vendor?

Modified on Mon, 18 Sep 2023 at 12:17 PM

A HIPAA business associate (sometimes referred to as a “HIPAA vendor”) is: 


“[A] person or entity, other than a member of the workforce of a covered entity who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information. A [BA] also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another [BA].”

Specifically, if a vendor is performing a function, activity, or service on behalf of a covered entity, and that function, activity, or service involves the vendor’s creation, transmission, receipt, or maintenance of PHI, the vendor is a HIPAA business associate.


Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing.  Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. 


Examples of Business Associates include (but are not limited to):

  1. A third party administrator that assists a health plan with claims processing. 

  2. A CPA firm whose accounting services to a health care provider involve access to protected health information. 

  3. An attorney whose legal services to a health plan involve access to protected health information. 

  4. A consultant that performs utilization reviews for a hospital. 

  5. A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer. 

  6. An independent medical transcriptionist that provides transcription services to a physician. 

  7. A pharmacy benefits manager that manages a health plan’s pharmacist network. 


A business associate that performs these functions, activities, or services on behalf of another business associate (which, in turn, is performing them on behalf of a covered entity) is referred to as a business associate subcontractor. Both business associates and business associate subcontractors must comply with HIPAA.




