The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology and Quality

A-Z Index  |  Questions?  |  Order Publications  |  HRSA Mobile

What is a "business associate" under HIPAA?

The term "business associates" refers specifically to a person or organization that conducts business with the covered entity that involves the use or disclosure of individually identifiable health information.  Business associates include those that perform services on behalf of the covered entity, such as claims processing, data analysis, utilization review, and billing, or provide services to the covered entity, such as legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.  To be a business associate, the work of an organization must deal directly with the use or disclosure of protected health information. 

The HITECH Act also specifies that an organization that provide data transmission of PHI to a covered entity and that requires access to PHI on routinely will be treated as a business associate.  Such an organization may include: a Health Information Exchange Organization, a Regional Health Information Organization (RHIO), an e-Prescribing Gateway, or a PHR vendor that contracts to have its product included as part of a covered entity's EHR.

Related Resources:
Summary of the HIPAA Privacy Rule: Business Associates - Developed by the Office for Civil Rights at the U.S. Department of Health and Human Services (2003).  This site provides a summary of the HIPAA Privacy Rule.

Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed