What does it mean to be a business associate?

Featured image

Share this article

What does it mean to be a Business Associate? - Paubox


Table of Contents:



What is a Business Associate?

Simply put, a Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.

By law, the HIPAA Privacy Rule applies only to Covered Entities. Covered Entities are typically health plans, health care clearinghouses, and certain health care providers.

Most Covered Entities however, do not carry out all of their health care activities and functions by themselves. Instead, they often use the services of a variety of other organizations.

If these services involve the use of protected health information, that means that organization is a Business Associate.

Learn more: Business Associates [HHS]

What is the Role of a Business Associate?

In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.

Here are some examples of services provided by Business Associates:

  • Claims processing or administration
  • Data analysis, processing or administration
  • Utilization review
  • Quality assurance
  • Billing
  • Email security
  • Benefit management
  • Practice management
  • Repricing

Are employees of a Covered Entity considered Business Associates?

No. Employees of a Covered Entity are not considered Business Associates.

Is it possible to be both a Covered Entity and a Business Associate?

Yes, it is possible to be classified as both a Covered Entity and a Business Associate.

For example, a covered entity such as a health care provider, health plan, or health care clearinghouse can also be a business associate of another covered entity.

Subcontractors and Business Associates

Any subcontractor of a Business Associate that creates, receives, maintains, or transmits protected health information on behalf of the BA is itself also a Business Associate.

This distinction is often overlooked.

What is the purpose of a Business Associate Agreement?

A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a Business Associate Agreement (BAA).

If you are a covered entity entrusting protected health information to a third party, then a Business Associate Agreement is required by law.

Read full article: Business Associate Agreement Provisions

Do Business Associate Agreements expire?

A Business Associate Agreement (BAA) is required to be in place for the entire duration of services provided by a Business Associate to a Covered Entity.

If a BAA has an expiration date in it, that’s a red flag and is the same as not having one at all.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022