What Is the Difference Between a Covered Entity and a Business Associate?
The distinction between a covered entity and a business associate is critical because the Health Insurance Portability and Accountability Act (HIPAA) privacy rules apply differently to covered entities than to business associates. Understanding the difference helps you understand who might have access to your medical data and what they have the authority to do with that information. A business associate may handle information on behalf of a covered entity, but the associate is subject to different rules.
Protected Health Information
Information protected under the HIPAA Privacy Rule is called protected health information. It includes any individually identifiable health information, that is, information that might personally identify someone, such as demographic data, specific health conditions, past and present treatments, which health care facilities and physicians someone has used, and standard identifiers such as name, address, date of birth, and Social Security number.
Covered Entity
Under HIPAA regulations, a covered entity may be a health plan, health care clearinghouse or health care provider that transmits any health information in electronic form in connection with a health-related transaction. All health care providers and health plans are considered covered entities. This means your hospital, doctor and insurance company, as well as any state, federal, private, employee or veterans' welfare health insurance plans are considered covered entities and thus obligated to comply with the HIPAA Privacy Rule.
Business Associate
A business associate performs services on behalf of covered entities that require the use of protected health information. This can include a wide array of potential services such as accounting, data management, document processing, billing or quality assurance. Business associates may thus have access to your protected health information. Covered entities are responsible for ensuring that their business associates are appropriately safeguarding protected health information.
Contracts and Assurances
For the relationship between a covered entity and its business associates to be considered HIPAA compliant, the contract between them must specify what uses the business associate is permitted and required to make of the protected health information in its care, and must ensure that the business associate safeguards the information appropriately. If the business associate is found to be in breach of this contract, the covered entity must take steps to correct the breach or to terminate the contract.