Podiatry Coding & Billing Alert

Reader Question:

Delve Into HIPAA for Greater Understanding

Question: Could you please explain how HIPAA defines a company as a “business associate” or not?

Hawaii Subscriber

Answer: The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule clearly outlines what data covered entities (CEs) must protect when it comes to patients’ data. However, most physicians rely on business associates (BAs) to successfully address administrative responsibilities involving patients, and the compliance of those vendors is essential for you to stay out of hot water.

To make sure your practice remains HIPAA-compliant, you must know what protected health information (PHI) can be disclosed, and to whom, and when.

“A ‘business associate’ is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity,” says the HHS Office for Civil Rights (OCR). “A member of the covered entity’s workforce is not a business associate. A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.”

Tip:  Those who may have access to PHI include not only attorneys and accountants, but also computer and medical hardware repair businesses, EHR software vendors, off-site billing and coding companies, physical security providers, and cleaning crews who might have access to your documentation or patients.

Here are some examples of BAs, as outlined by the OCR:

  • A third-party administrator who assists a health plan with claims processing
  • A CPA firm whose accounting services to a healthcare provider involve access to PHI
  • An attorney whose legal services to a health plan involve access to PHI
  • A consultant who performs utilization reviews for a hospital
  • A healthcare clearinghouse that translates a claim from a nonstandard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer
  • An independent medical transcriptionist who provides transcription services to a physician.
  • A pharmacy benefits manager who manages a health plan’s pharmacist network.


Other Articles in this issue of

Podiatry Coding & Billing Alert

View All