Business Associate Agreements
Kegler Brown Business Tax Alert August 28, 2013
Sweeping changes to the Health Insurance Portability and Accountability Act, aka HIPAA, took effect this year. If you or your company does any work with a health care provider, health plan or health care clearing house (“covered entities” under HIPAA), or a “business associate” to a covered entity, you may be asked to sign a business associate agreement. Before you sign a business associate agreement, you need to be sure that you are in fact a business associate. There are specific and onerous administrative requirements for business associates, and the civil penalties for a HIPAA violation are steep (up to $1.5 million).
Generally, a “business associate” is a person or entity who works with a health care provider, health care plan or health care clearing house and has access to protected health information (PHI). Business associates include any subcontractor of a business associate who creates, receives, maintains or transmits PHI. If you are a business associate, you will be required to undertake significant compliance obligations such as developing and incorporating policies and procedures which protect both the security and privacy of PHI. Business associates are directly liable for HIPAA violations.
Should you be asked to sign a business associate agreement or otherwise agree to comply with HIPAA, you should talk to your attorney.