Sharing Health Info With Vendors? Consider Them BAs

Posted on 22 Sep, 2015 |comments_icon 6|By Chris Boucher

Some vendors might balk, but it’s the rule.

Medical practices often have to do business with outside vendors. Many of these outside vendors are bound to follow business associate (BA) guidelines under the Health Insurance Portability and Accountability Act (HIPAA).

To avoid any confusion or angst during your vendor negotiations, be sure to know if, and when, a vendor is a BA.

Transmitting Health Info Translates Into BA Status

Any vendor that gets anywhere close to your patient’s health information is a potential BA to HIPAA.

Expert input: The vendor is a HIPAA BA if it receives, maintains, stores, accesses, or transmits health-related information in the course of providing services, according to a June 9 blog posting by partner attorney Laurie Cohen for the law firm Nixon Peabody LLP.
The feds might also consider a vendor a BA if the health-related information is protected health information (PHI), as defined by HIPAA, and if that PHI originates from a covered entity (CE).

BAs Must Follow Specific Protocol

Though it’s rare, some vendors might initially object to being categorized as a BA, because any BA must play by some pretty stringent rules. According to Cohen, at a minimum, a HIPAA BA must:

  • develop HIPAA privacy, security, and breach notification policies;
  • perform a security risk assessment;
  • provide HIPAA education to its workforce; and
  • prepare a BAA to use with its own subcontractors who receive, maintain, store, access, or transmit PHI in the course of providing services.

Any BAs that you work with must understand the requirements and their responsibilities under HIPAA. This is especially important as the HHS Office for Civil Rights (OCR) rolls out its audit process later this year, which is also expected to target CEs as well as their BAs, Cohen warned.


Chris Boucher

Chris Boucher has nearly 10 years of experience writing various newsletters and other products for The Coding Institute. His blog will cover several areas of coding and compliance, including CPT® coding, modifiers, HIPAA compliance and ICD-10 coding.

More from this author

View More

6 thoughts on “Sharing Health Info With Vendors? Consider Them BAs

  1. Thank you a lot for providing individuals with an extraordinarily wonderful possiblity to read from this site. It can be very terrific and also packed with a good time for me and my office mates to search your website particularly thrice per week to study the latest stuff you have got. And of course, I am usually fulfilled with the surprising knowledge you serve. Selected 4 areas in this posting are particularly the most efficient we have had.

  2. I just wanted to compose a quick remark in order to say thanks to you for all the remarkable steps you are giving on this website. My time intensive internet look up has at the end of the day been paid with brilliant ideas to write about with my visitors. I would say that many of us website visitors are undoubtedly endowed to be in a useful community with so many brilliant people with useful principles. I feel pretty lucky to have discovered the site and look forward to many more fun times reading here. Thanks once more for a lot of things.

  3. I must express some appreciation to this writer for rescuing me from this particular predicament. Right after scouting throughout the the net and meeting things that were not helpful, I assumed my life was gone. Being alive without the solutions to the problems you have solved by way of the review is a critical case, as well as the ones which may have in a wrong way affected my career if I hadn’t come across your website. Your good knowledge and kindness in controlling a lot of things was excellent. I’m not sure what I would’ve done if I had not come across such a thing like this. I can also at this point relish my future. Thanks for your time so much for your professional and amazing help. I will not think twice to suggest your web site to anyone who needs to have guidance on this subject.

  4. I precisely needed to thank you so much once more. I am not sure what I could possibly have undertaken in the absence of those points contributed by you relating to my concern. Entirely was a frightful scenario in my view, however , encountering the very well-written technique you dealt with it forced me to leap for delight. I will be thankful for this advice and even wish you find out what a powerful job you have been getting into teaching some other people through your webpage. Probably you’ve never met all of us.

  5. I want to voice my respect for your generosity in support of folks who need assistance with your matter. Your real commitment to passing the solution all-around had been definitely useful and have continuously empowered ladies much like me to get to their goals. Your own warm and friendly recommendations implies so much to me and substantially more to my office workers. With thanks; from each one of us.

Leave a Reply

Newsletter Signup