HIPAA Business Associate Agreement for Chiropractors
HEALTHCARE Law
Why Do I Need This?
When a chiropractor does business with a person or entity that requires that person or entity to have access to patient records or other protected health information (PHI), the chiropractor must have that person or entity sign a Business Associate Agreement. In other words, whenever a chiropractor does business with a contractor or vendor, a Business Associate Agreement is required when that contractor or vendor might receive protected health information.
HIPAA defines a “business associate” as a person or entity who performs services or activities on behalf of a “covered entity”. A business associate often creates, receives, maintains, or transmits PHI. For example, a business associate could be an attorney, accountant, coding and compliance professional, billing company, etc. A “covered entity” is the chiropractor or other health care provider. A “covered entity” is anyone who provides treatment, payment and operations in healthcare. “Protected Health Information (PHI)” is any information or data that relates to the health or condition of an individual, the provision of healthcare to an individual, or the payment for health care services that is transmitted or maintained by electronic media or any other form or medium. PHI includes a patients’ identifiable health information (e.g. name, phone number, email address, social security number, etc.), medical history, test results, insurance information, and any other information that can be used to identify the patient.
A “Business Associate Agreement” is a written contract that serves to describe and clarify the permissible uses and disclosures of the protected health information by the business associate. It also provides the chiropractor with assurances from its business associate that the business associate will properly safeguard the PHI it receives. HIPAA requires that these assurances must be in writing. In addition, a Business Associate Agreement sets forth each party’s responsibilities when it comes to the PHI and use of a Business Associate Agreement can also shift the liability to the business associate in the event of a data breach by the business associate.