The term Business Associate refers to a non-employee who creates, receives, maintains or transmits PHI or ePHI on behalf of a Covered Entity. Some examples of Business Associates are:
-IT Service Providers
-Vendor Support (Practice Management, Imaging – anyone who needs to gain access to your network and/or database)
-Appointment Reminder Systems
-Collection Agencies
-Document Shredding Companies
and more.
It is important that Covered Entities (Dr.) assign responsibility to these companies or people with a Business Associate Agreement. Many Business Associates have their own, however, beware of loopholes, such as the Business Associate not assuming financial responsiblity if they cause a breach. They could be skirting their responsibility and making you financially responsible for their mistakes.
