Find-A-Code Focus Newsletter

Who in the World are my Business Associates?

September 03, 2014

The associates in the provider’s world and healthcare society are filled with loads of potential business associates and endless individual identifiable health information.

 We have had so many questions about business associates I thought I would go to the source and put together some information from, otherwise known as U.S. Department of Health & Human Services. Maybe I can clear up a few common questions and give you some other resources to do your own research if you would like.   

 First of all … what is PHI or Individually Identifiable Health Information (HHI)?   Basically; it is any information used to identify an individual patient as well as information created or received that has anything to do with a patient. Including demographics as well as past present or future health condition. Specifically; anything that can be used to reasonably identify an individual or treatment.

Why do I need a contract with my Business Associates?

The reason behind the Privacy rule is to obtain assurances from your business associates that they will safeguard the protected health insurance information. This is now required in writing in the form of a contract, called Business Associate Agreement. To learn more about this InstaCode (  has written a book called “Complete and Easy HIPAA COMPLIANCE”   the third edition is the most recent. To order your book go to  Your Business Associate Contracts must contain the elements specified at 45 CFR 164.504(e), such as describing the permitted and required uses of PHI by the associate, and that they will not use or disclose the PHI for anything other than as required by law. Also, if there is a breech the covered entity must make the appropriate steps to cure the breech or end the violation it must be made clear how the issue will be resolved.


Who is a covered entity?  

The HIPPA Privacy Rule only applies to covered entities – Health Plans, Health Care Clearinghouses and certain health care providers.  

 Examples and Potential Business Associates:

(This is not a complete list – Examples only)

  • A third party administrators
  • Anyone assisting a health plan with claims processing. 
  • A CPA firm whose accounting services to a health care provider involve access to protected health information. 
  • An attorney whose legal services to a health plan involve access to protected health information. 
  • A consultant that performs utilization reviews for a hospital. 
  • A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer. 
  • An independent medical transcriptionist that provides transcription services to a physician. 
  • A pharmacy benefits manager that manages a health plan’s pharmacist network.
  • Lawyers
  • External auditors or accountants
  • Professional translator services
  • Answering services
  • Consultants hired to conduct audits, perform coding reviews, etc.
  • Accreditation agencies
  • Shredding and/or documentation storage companies
  • Data processing firms or software companies that may be exposed to or use PHI.
  • Medical transcription services, even if you contract with an individual rather than a company.
  • Medical equipment service companies handling equipment that holds PHI.
  • E-prescribing Gateways
  • Health information organizations

Who is not a business associate?

(This is not a complete list – Examples only)

 An External researcher

  • Another healthcare provider
  • Banking and financial institutions or consumer conducted transactions
  • Collections agency
  • Janitorial or electrician
  • US Postal Service

 FAQ’s from

Q. Is the US Postal Service, United Parcel Service, delivery truck line employees and/or their management a considered a business associate?



Q. Is a physician or other provider considered to be a business associate of a health plan or other payer?

 A.  Generally, providers are not business associates of payers.


Q. Is a software vendor a business associate of a covered entity?

A. YES; if your software vendor has access to the PHI, however you may chose to treat the covered entity as an employee, rather than a business associate.


Q. Instead of entering into a contract, can business associates self-certify or be certified by a third party as compliant with the HIPAA Privacy Rule?

A. No. A covered entity is required to enter into a contract or other written arrangement with a business associate that meets the requirements at 45 CFR 164.504(e).


Q. Do physicians with hospital privileges have to enter into business associate contracts with the hospital?

A. No.


Q. Are accreditation organizations business associates of the covered entities they accredit?



Q. Is a health insurance issuer or HMO who provides health insurance or health coverage to a group health plan a business associate of the group health plan?



Q. When is a health care provider a business associate of another health care provider?



Q. Is a business associate contract required for a covered entity to disclose protected health information to a researcher?



For more information on Exceptions to the Business Associate Standard andother situations in which a business associate contract is NOT required check out these resources:


More Items in September 2014

To view more items select a month from our "Items by Month" list.

Or view documentation, coding and billing articles.



The ideal length of a webinar should be around:

News Items by Month
July 2020- 1
May 2020- 1
April 2020- 1
March 2020- 1
February 2020- 4
January 2020- 2
December 2019- 1
November 2019- 1
October 2019- 4
September 2019- 2
August 2019- 3
July 2019- 3
May 2019- 2
April 2019- 3
March 2019- 9
February 2019- 3
January 2019- 5
2018 - View
2017 - View
2016 - View
2015 - View
2014 - View
2013 - View
2012 - View
2011 - View
2010 - View
2009 - View
2008 - View
free demo
request yours today
for any budget
sign IN
welcome back!

Thank you for choosing Find-A-Code, please Sign In to remove ads.