What is a “business associate” as far as HIPAA is concerned?
According to the American Medical Associations Field Guide to HIPAA Implementation, “The Privacy Rule contains a two-part definition of business associate. First a business associate is a person or entity that performs or assists in the performance of a service or function on behalf of a medical practice when the function or activity involves the use or disclosure of individually identifiable health information, including: claims processing or administration; data analysis, processing, or administration; utilization reviews, quality assurance; billing; benefit management; practice management; repricing; or any other function or activity regulated by the Privacy Rule. “Second, the definition of business associate also includes persons to whom PHI is disclosed by the medical practice (or by another business associate of the medial practice) and who provide any of the following types of professional services to or for the medical practice: legal, actuarial, accounting, consulting, data ag
