HIPAA Business Associates


October 13, 2018 | Reading Time: 2 Minutes

How to Work With HIPAA Business Associates Without Breaking the Law

HIPAA business associates are an important part of running any behavioral health practice. These vendors and service providers help keep your business running so you can better serve your patients. But how do you identify and work with your HIPAA business associates while running your behavioral health practice?

Understanding HIPAA Business Associates

HIPAA can best be understood as a series of national standards meant to ensure the privacy and security of protected health information (PHI). PHI is defined as any demographic information that can be used to identify a patient. Common examples of PHI include names, addresses, dates of birth, phone numbers, Social Security numbers, health care records, and full facial photos, to name a few.

Under HIPAA regulation, there are two categories of entities that must be compliant. HIPAA covered entities include health care providers, insurance companies, and health care clearinghouses that directly create PHI, including behavioral health professionals. A HIPAA business associate is any organization hired by a covered entity whose job necessarily requires handling or encountering PHI in any way.

There can be many varieties of HIPAA business associates that behavioral health practitioners may encounter over the course of running a practice. Common examples of HIPAA business associates may include billing firms, video chat clients, IT providers, practice management firms, HR firms, and many more.

Understanding Business Associate Agreements

The most important thing to remember about HIPAA business associates is that, before any PHI may be shared, you must execute a HIPAA business associate agreement. HIPAA business associate agreements are contracts that must be executed between covered entities and HIPAA business associates. These contracts are mandated by HIPAA regulation, and are meant to protect both parties from liability in the event of a data breach caused by the other party.

An effective HIPAA business associate agreement must state that:

  • Both parties recognize that they are beholden to HIPAA regulation;
  • If the HIPAA covered entity is responsible for a data breach, the business associate cannot be held liable; and
  • If the HIPAA business associate is responsible for a data breach, the covered entity cannot be held liable.

Keep these measures in mind when working with and identifying your HIPAA business associates. Executing proper business associate agreements is essential to protecting your behavioral health practice from the risk of HIPAA violations and possible fines!

HIPAA Resources

If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
