HIPAA Compliance for Business Associates

One of the most challenging issues for health care organizations is ensuring that business associates can be trusted with PHI (Protected Health Information). Of the 11 million people affected by reportable data breaches between September 2009 and June 2011, 6 million, or 55%, were affected by data breaches involving business associates, according to the federal government. Review the list of breaches involving business associates published by HHS by checking the latest data breach report.

Healthcare organizations often use the services of a variety of contractors and businesses. The HITECH Act allows covered entities to disclose (minimum necessary) protected health information (PHI) to these “business associates” if the covered entities obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the HIPAA Privacy Rule:

  • Have you identified your key business associates handling PHI that you create, receive, maintain, or transmit?
  • Do you review your contract periodically with your key business associates?
  • Do you have a right-to-audit clause, or do you require your business associates to follow certain minimum security controls and best practices?

Our Approach:

databrackets provides consulting services by partnering with leading law firms to assess your business associates based on several key factors:

  • Corporate size of the BA
  • Volume of data accessed by BA
  • Number of facilities serviced by BA
  • Type of services provided by BA
  • Complexity of services provided by BA
  • Location of BA
  • Previous data breaches, complaints or incidents involving BA

Our Business Associate Assessment and Monitoring services combine the above guidelines and the following guidelines chart to provide periodic assessment reports about your key business associates.