Under the Health Insurance Portability and Accountability Act (HIPAA), a business associate is a person or organization, other than an employee of a covered entity, that performs certain functions on behalf of, or provides certain services to, a covered entity that involve access to Protected Health Information (PHI). A business associate can also be a subcontractor responsible for creating, receiving, maintaining, or transmitting PHI on behalf of another business associate. Business associates provide services to covered entities that include: accreditation; billing; claims processing; consulting; data analysis; financial services; legal services; management administration; and utilization review. NOTE: A covered entity can be a business associate of another covered entity.
Retrieved and adapted from HIPAA. (2018). https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurity.pdf