• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
Big Ideas for Small Business logo

Barbara Weltman

Big Ideas for Small Business, Inc.

Whitepaper download

Subscribe and download our eBook, "150+ Tax Deductions for Small Business A to Z."

This field is hidden when viewing the form
Get the:

  • Home
  • About Us
  • Big Ideas For Your Business
    • Idea Of The Day ®
    • SMB Legal
    • SMB Taxes
    • SMB Financial
    • Small Business
    • Newsletter Archive
  • Services
  • Books
  • Blog
  • Multimedia
    • Videos
    • Radio Shows/Podcasts
  • Be a Guest Blogger

Should You Sign a Business Associate Agreement?

October 9, 2014 / By Barbara Weltman

Follow @BarbaraWeltman

No, this isn’t a contract to do business with another firm. It is an acknowledgment you may be asked to sign if you do business with a medical office or other “covered entity” and you have access through your work to protected patient information (including a patient’s name, address, and Social Security number). It requires you, as a business associate, to protect the privacy of the covered entity’s patient information.

If you never do business with any covered entity, you can ignore the information about a business associate agreement, but if you now do or plan to do business with a covered entity, here’s a heads up.

Who may be asked to sign
The regulations related to a business associate agreement came out last year, but not all health care providers have yet reached out to their potential business associates.

A business associate is defined as: A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity (e.g., doctor or dentist, medical practice). A business associate often is an individual or a small business.

The following is a list of examples of potential business associates compiled by HHS:

  • A third party administrator that assists a health plan with claims processing.
  • A CPA firm whose accounting services to a health care provider involves access to protected health information.
  • An attorney whose legal services to a health plan involve access to protected health information.
  • A consultant that performs utilization reviews for a hospital.
  • A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
  • An independent medical transcriptionist that provides transcription services to a physician.
  • A pharmacy benefits manager that manages a health plan’s pharmacist network.

Even though omitted from this list, I think that an outside bookkeeper (e.g., a QuickBooks expert) would also be treated as a business associate if the person has access to protected health information.

Obligations under the agreement
The business associate agreement sets forth the obligations of each party to it. HHS requires the agreement to:

  1. Establish the permitted and required uses and disclosures of protected health information by the business associate;
  2. Provide that the business associate will not use or further disclose the information other than as permitted or required by the contract or as required by law;
  3. Require the business associate to implement appropriate safeguards to prevent unauthorized use or disclosure of the information, including implementing requirements of the HIPAA security rule with regard to electronic protected health information;
  4. Require the business associate to report to the covered entity any use or disclosure of the information not provided for by its contract, including incidents that constitute breaches of unsecured protected health information;
  5. Require the business associate to disclose protected health information as specified in its contract to satisfy a covered entity’s obligation with respect to individuals’ requests for copies of their protected health information, as well as make available protected health information for amendments (and incorporate any amendments, if required) and accountings;
  6. To the extent the business associate is to carry out a covered entity’s obligation under the privacy rule, require the business associate to comply with the requirements applicable to the obligation;
  7. Require the business associate to make available to HHS its internal practices, books, and records relating to the use and disclosure of protected health information received from, or created or received by the business associate on behalf of, the covered entity for purposes of HHS determining the covered entity’s compliance with the HIPAA privacy rule;
  8. At termination of the contract, if feasible, require the business associate to return or destroy all protected health information received from, or created or received by the business associate on behalf of, the covered entity;
  9. Require the business associate to ensure that any subcontractors it may engage on its behalf that will have access to protected health information agree to the same restrictions and conditions that apply to the business associate with respect to such information; and
  10. Authorize termination of the contract by the covered entity if the business associate violates a material term of the contract.

Note: Agreements between business associates and business associates that are subcontractors are subject to these same requirements.

Violating an agreement
If you sign a business associate agreement (you may not have a choice if you want to do business with a covered entity), you face an array of problems.

  • You have costs associated with patients’ notification if there is any security breach of their privacy. This cost may be shared with the covered entity if you spell this out in your agreement.
  • You are contractually liable to the covered entity for violations of your agreement.
  • You are directly liable for violations of HIPAA rules. This can expose you to civil and, in some cases, criminal penalties.

Learn more
The Department of Health and Human Services (HHS), which oversees the Health Insurance Portability and Accountability Act (HIPAA), has a sample business associate agreement and other information here.  Talk with a knowledgeable attorney before you sign anything!!

Tags Barbara Weltman business associate HIPAA security rule medical office patient information protected health information regulations small business

Primary Sidebar

Categories

  • General Business (498)
  • Guest Blog (110)
  • Homepage (23)
  • Small Business (993)
  • SMB Financial (324)
  • SMB Legal (66)
  • SMB Taxes (325)

Barbara’s Recent Posts

  • 9 Smart Financial Decisions for Business Owners in Retirement June 6, 2025
  • Preview of Tax Changes this Year: Actions to Take Now June 5, 2025
  • Becoming Penniless: What Does this Mean for Your Business? June 3, 2025
  • Scale Your Business by Stepping Up IP Protection May 29, 2025
  • Disasters Happen: It’s Important to Be Prepared Now May 27, 2025
  • How Work Order Software Transforms Small Business Operations May 26, 2025
  • The Numbers Are Up for Sole Proprietorships May 22, 2025
  • New Business or Project Crowdfunding: What To Know May 20, 2025
  • Old-School Estimating vs. Smart Solutions: What’s Really Holding You Back? May 19, 2025
  • Employees Getting Called to Public Service: What to Know May 15, 2025
  • Not Too Late to Prep for Summer Now May 13, 2025
  • How Will the Next Generation of Learners Affect the Workplace May 12, 2025
Awarded Top 100 Small Business Blog medal (link will open in a new window or tab)
Marquis Who's Who 2023 Badge
Top Small Business Blogs (Link will open in a new window or tab.)
8 Financial blogs small business Owners Need to Read. Invoice home.  (link will open in a new window or tab)
Best Small Business Blog, Expertido.org
Top 50 Small Business Blogs 2018
Best Small Business Blogs
BizHumm Top 100 Business Blog Award to Barbara Weltman
FitsSmallBusiness.com: Award for Best Small Business Blog 2017 (link will open in a new window or tab)
FitsSmallBusiness.com: Award for Best Small Business Blog 2016 (link will open in a new window or tab)

Footer

Big Ideas for Small Business logo

Small business ideas, business tax news and small business consulting from Barbara Weltman to provide business owners with the information they need to succeed. Visit our small business blog, Idea of The Day®, small business books and articles on small business taxes, small business finance and small business legal advice.

Contact Us

[email protected]

(772) 492-9593

gacor maxwin situs slot thailand terpercaya situs slot gacor situs gacor akun pro thailand slot bandar togel terpercaya

Latest Tweets

bigideas4sb Big Ideas for Small Business® @bigideas4sb ·
June 5

ChatGPT introduces meeting recording and connectors for Google Drive, Box, and more | TechCrunch https://tcrn.ch/43ZMoMl #chatGPT #smallbusiness #techupdates

Reply on Twitter 1930746536327049480 Retweet on Twitter 1930746536327049480 Like on Twitter 1930746536327049480 Twitter 1930746536327049480
bigideas4sb Big Ideas for Small Business® @bigideas4sb ·
June 5

Demographics Matter Most https://bit.ly/44OEUg7 #business #demographics

Reply on Twitter 1930701301039391157 Retweet on Twitter 1930701301039391157 Like on Twitter 1930701301039391157 Twitter 1930701301039391157
bigideas4sb Big Ideas for Small Business® @bigideas4sb ·
June 5

Need some expert help with your website? Try website development services by freelance web developers | Fiverr https://bit.ly/3ZNRzwq #projectwork #webdevelopers #freelance

Reply on Twitter 1930689859238179212 Retweet on Twitter 1930689859238179212 Like on Twitter 1930689859238179212 Twitter 1930689859238179212
Load More

Copyright © 2008–2025 Big Ideas for Small Business, Inc  |  Designed by Hudson Fusion

  • Privacy Policy
  • Sitemap