Health Insurance Portability and Accountability Act of 1996 (HIPAA) has had several enhancement periods since its enactment. Effectively since April 2005 nearly all Covered Entities have been required by law to comply with HIPAA. In 2009, the HITECH rules were implemented thus accelerating the adoption of Electronic Medical Records (EMRs) and introducing Meaningful Use incentives. HITECH enabled Risk Assessments to play more of a prominent role in many practices by adding a financial penalty for not complying with this aspect of HIPAA. In 2013, the Omnibus rules closed loop holes and tightened enforcement by making all Business Associates and their subcontractors equally as liable for HIPAA compliance.

Covered Entities include any service provider using Protected Health Information (PHI) for Treatment, Payment, or Healthcare Operations (TPO) whether they create, receive, maintain, or transmit (CRMT) PHI.

Business Associates are entities that act as a support structure for covered entities.

Are you a business associate?

  • This field is for validation purposes and should be left unchanged.

Business Associates include: Insurance brokers, Insurance Associates, Collection Agencies, Financial Services, Accountants, Lawyers, Billing Agencies, Payment Processors, Credentialing service providers, and other related healthcare support entities.