Business Associate Security Policies Suite

Many companies use outside resources to complete services; any person or entity outside of the company who serves a covered entity is known as a business associate.  Situations where covered entities must allow business associates to have access to electronic protected health information (e-PHI) include accounting, auditing, legal matters, administrative services, medical transcriptions, etc.

The Business Associate Security Policies Suite instructs covered entities in how to keep PHI secure when it is outsourced to companies who need information to complete their service. It will address integrity in the use and transmission of e-PHI to business associates within the contracted reason for giving access. These contracts may vary greatly depending on whether a business associate is internal or external.

Internal associates are those within DHHS or form a part of DHHS while external associates are independent contractors or entities that work along with the DHHS healthcare covered entities.

The Business Associate Security Policies Suite covers the requirements for business associates under HIPAA including the following:

  • Safeguards for keeping e-PHI/PHI protected
  • Security and privacy training programs
  • Agreements of non-disclosure/confidential data or information.
  • Reports on Security and Privacy breaches
  • Returning e-PHI upon termination of the Business Associate Agreement
  • Efficiency in providing a report or account on all disclosures upon request or when required.
  • Ensuring minimal and secure use, transmission and transfer of e-PHI.
  • Restrictions or stringent security measures on exchange of e-PHI for compensation without the directives to do so.
The Business Associate Security Policies Suite both guides and warns business associates. Large fines and heavy penalties are aimed at any business associate who fails to follow the laws involving how to correctly handle e-PHI. Business Associates can learn from this Suite how to properly follow HIPAA Security rules, and avoid civil damages, injunctions, and fines..