Business Associate (BA): This term has broad applicability under HITECH/HIPAA and includes "partners" wherein the product/service provided requires the disclosure of protected health information (PHI).
BA’s may include:
Accountants
Consultants
EHR/PHR Vendors
Potentially Many Others (e.g. HIE's, RHIO's, E-Prescribing Gateways)
So what? Relationships between a covered entity (CE) and a BA must be contractual if the product/service provided requires the disclosure of PHI. The HITECH Act significantly increases the number of “cooks in the compliance kitchen.” BA's are now directly "on the hook" for criminal and civil penalties under (42 U.S.C. 1320d–5, 1320d–6).
You can bet that BA's are going to be a lot more interested in HIPAA's Privacy & Security Rules and in ensuring that the requisite agreements are in place than they have been in the past. The HIPAA Security Rule in particular will require the services of a privacy lawyer that has broad technology experience.
Looking for a best of breed HIPAA Compliance Software?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?
