HIPAA Compliant Vendors

The Importance of Hiring HIPAA Compliant Vendors


March 5, 2017 | Reading Time: 1 Minute


For behavioral health professionals, finding HIPAA compliant vendors is an important step toward protecting patient privacy and data security.

Any vendors with whom you share protected health information (PHI)–such as patients’ medical data, dates of birth, names, addresses, social security numbers, or financial information–are considered business associates under HIPAA regulation. A business associate is defined as any vendor who in any way handles PHI over the course of the work they’ve been hired to do. Some common examples include IT professionals, lawyers, accountants, or storage facilities, among many others.

When it comes to sharing PHI, behavioral health professionals need to ensure that their vendors are going to keep that data secure.

HIPAA Compliant Vendors for Telebehavioral Health

Telemental and telebehavioral health professionals, in particular, face this challenge with chat and video clients used over the course of telebehavioral health treatment. These service providers are considered HIPAA business associates because of their role in the direct transmission of PHI from the patient to the counselor or therapist.

Any chat or video clients used in the course of treatment must be HIPAA compliant; otherwise, telebehavioral health professionals expose their practice to HIPAA violations.

In 2016, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) levied millions in fines for the unlawful disclosure of PHI to business associates. The best way to protect your practice is to seek out vendors with HIPAA compliant services and execute a proper Business Associate Agreement before sharing PHI.
