What is a Business Associate?

A Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of your patient's PHI.  A member of your workforce is not a business associate.  A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.  The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a business associate, if the activity or service involves the use or disclosure of PHI.

Business associate functions and activities include: claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing. Business associate services are: legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, and financial. See the definition of “business associate” at 45 CFR 160.103.


Examples of Business Associates:

• A third-party server and workstation administrator

• A third-party network administrator

• A third-party administrator that assists a health plan with claims processing.

• A CPA firm whose accounting services to a health care provider involve access to PHI.

• An attorney whose legal services to a health plan involve access to PHI.

• A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.

• An independent medical transcriptionist that provides transcription services to a physician.

• A pharmacy benefits manager that manages a health plan’s pharmacist network.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What is PHI and ePHI?

PHI stands for Personal Health Information which includes all patient records and information...

What is the HIPAA Security Rule?

The National Institute of Standards and Technology (NIST) wrote the Security Rule. The Department...

What is a Security Risk Analysis?

Whether you applied for Meaningful Use incentive fund or not, all medical practices and business...

What is a Data Breach?

A breach is defined as an impermissible use or disclosure of Protected Health Information (PHI)....