By law, the HIPAA Privacy Rule applies only to covered entities – health plans, health care clearinghouses, and certain health care providers. In most situations, health care providers and health plans do not carry out all their health care activities by themselves. Instead, they often use the services of other entities which are considered “business associates.” These entities must also understand the HIPAA Privacy Rule and are expected to take HPAA for business associates training. It is important they understand HIPAA Compliance for business associates.
The Privacy Rule allows covered entities to disclose protected health information to these “business associates.” The covered entity must obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity. They must also safeguard the information from misuse and will work with the covered entity to comply with the covered entity’s duties under the Privacy Rule.