Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. See the definition of “business associate” at 45 CFR 160.103.
Which company is considered a business associate?
Simply put, a Business Associate is a vendor or subcontractor who has access to PHI (Protected Health Information). A more legalese definition of a Business Associate under HIPAA is any entity that uses or discloses PHI on behalf of a Covered Entity.
What must be included in a business associate agreement?
The Business Associate/Subcontractor Agreement must include the following information, according to HHS: Describe the permitted and required PHI uses by the Business Associate/Subcontractor. Require the Business Associate/Subcontractor to use appropriate safeguards to prevent inappropriate PHI use or disclosure.
What is the purpose of the business associate agreement quizlet?
Agrees to make uses and disclosures and requests for protected health information: Consistent with covered entity’s minimum necessary policies and procedures. Proper management and administration of the business associate or to carry out the legal responsibilities of the business associate.
Are employees business associates?
Are employees of a Covered Entity considered Business Associates? No. Employees of a Covered Entity are not considered Business Associates.
Is a reinsurer a business associate?
Answer: Generally, no. A reinsurer does not become a business associate of a health plan simply by selling a reinsurance policy to a health plan and paying claims under the reinsurance policy.
Can a health plan be a business associate?
Businesses that have access to protected health information (PHI) on behalf of a covered entity (for example, an employer’s group health plan) typically qualify as “business associates” under the HIPAA Privacy, Security and Breach Notification Rules (HIPAA Rules).
For which of the following is a business associate contract not required?
In which of the following situations is a Business Associate Contract NOT required: a. With persons or organizations whose functions or services do note involve the use or disclosure. With a person or organizations that acts merely as a conduit for protected health information.
Can a cleaning company be a business associate?
Cleaning Company – Unless the cleaning company is using, storing, or otherwise making use of PHI on the Covered Entity’s behalf, the routine cleaning and disposal of the garbage in a medical office does not involve Business Associate activities requiring a Business Associate Agreement.
Who are business associates of a healthcare company?
That left many entities with regular access to medical information, such as billing companies, accountants, lawyers, pharmacy benefit management companies, and other healthcare entities and vendors, outside the scope of the law. Collectively, they are classified as Business Associates.
When do business associates have to abide by privacy rule?
If the Business Associate carries out one of the Covered Entity’s obligations under the Privacy Rule, the BAA must require that the Business Associate agree to abide by that Privacy Rule provision. While this is covered conceptually in almost every BAA already, it can’t hurt to include specific language to this effect.
Which is not an example of a business associate?
A member of the Covered Entity’s workforce is not a Business Associate. The following are examples of service providers that are sometimes business associates, depending on the underlying relationships, whether they access PHI and the functions involved:
