What Is a Business Associate Agreement?
A business agreement governs the relationship between two parties who are exchanging information and services. The agreement serves as a guideline for how the information may be used so that both parties are properly protected in case of legal problems. A business associate agreement is a particular kind of business agreement used primarily in one industry.-
HIPAA
-
While there are many business agreements, a business associate agreement is a particular contract that is used by the health industry between organizations and patients. This agreement directly stems from the Health Insurance Portability and Accountability Act of 1996, or HIPAA. This act included the definitions and terms used to create business associate agreements.
Associate Requirements
-
The definitions in a business associate agreement are based on how PHI, or protected health information, is treated. If one party is creating, accessing, using, disclosing or storing protected health information to carry out a particular task for the covered entity (often the patient or a related organization), then he is the business associate. This includes entities involved in claims processing, data analysis, billing, record storage and many other health care fields.
Definition
-
The business associate agreement governs the use of protected health information, specifically by entities who are not doctors or hospitals. This means that those who are actually performing medical treatments or operations do not need to use the agreements. They are documents intended to allow other entities in the health care process to have the same access to PHI as doctors and related organizations do.
Health Information
-
In a typical situation, a patient will sign a business associate agreement, authorizing disclosure of certain health information. The agreement contains which health information is being disclosed, who is able to make this disclosure, the only people or entities that the disclosure can be made to and an expiration date at which the information can no longer be disclosed.
Use of Information
-
The agreement also specifies how the heath information will be used by the business associate. The associate must have various safeguards in place to protect the information properly and is required to report any unauthorized use of the information immediately. The patient or related entity signed the agreement has the ability to revoke the disclosure in the case of certain events, some of which can trigger an automatic termination of the agreement itself.
-