In a recent  blog post, we addressed the importance of hospitals establishing and monitoring Business Associate Agreements with contractors who touch protected health information (PHI). Most hospitals and other HIPAA-covered entities, e.g. payors, physician practices and pharmacies, outsource a myriad of services for better, cost-effective operational results. Many of these services “touch” PHI, e.g. transcription services, revenue cycle managers, IT support and many other clinical and non-clinical functions. They are deemed HIPAA business associates (BAs) as of the 2013 Omnibus HIPAA Rule, and are accountable (think fines and even prison time) for PHI breaches. Many hospitals and their contractors still don’t know this or just aren’t on top of this issue. Read on for our newest infographic that simplifies the risks of HIPAA business associate relationships.

Data security and privacy breaches by business associates have exploded in recent years, but diligent management by your hospital via proper procedures will minimize its risks. One of the most notable impacts of the 2013 Omnibus HIPAA rule was the expanded definition of business associates; since then individuals and entities that qualify are subject to the same hefty penalties as covered entities. Moreover, they are required to have BA agreements with their sub-contractors.

Who qualifies as a business associate, and what are your and their risks for non-compliance? See our infographic below on the risks of HIPAA BA relationships…share it with your colleagues AND your business associates!