A business associate is an individual, group or organization that participates in or performs activities on behalf of the Covered Entity as a business partner and is not a member of the Covered Entity's workforce. The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a Business Associate if the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a person or entity a business associate include payment or health care operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules.
The new amendment to the HIPAA Privacy and Security Rules, recently passed as part of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and in effect from February 17, 2010, makes it mandatory for all Covered Entities to revise their Business Associate Contracts. This has increased the scope of the law, as more entities are obliged to follow the HIPAA compliance norms. At the same time, the amendment places more responsibilities on existing Business Associates.
Covered Entities and their existing Business Associates now have to renegotiate their existing contracts to achieve HIPAA compliance. From now on, Business Associates have to adopt additional procedures to completely fulfill the physical, administrative, technical and documentation requirements of the rule. The amendment makes it mandatory for the Business Associate to report loss of unsecured data to the individual patients and/or the public media, depending upon the scale of the violation.
The new regulatory requirements make it necessary for the Business Associate to carry out a thorough risk analysis of its systems and infrastructure to identify the existing security loopholes. The next step is to develop an appropriate policy that effectively removes those loopholes by incorporating technical security measures such as email encryption, user account management, auditing and a proper disaster backup plan.
Henceforth the Business Associate will also play a more responsible and active role in the secure management of patient health information, which before this amendment was the sole responsibility of the Covered Entity.
The Business Associate plays an important role in preserving the privacy of patient health information.