How do I determine who is a Business Associate to our practice? 


A Business Associate is formally defined as: "a person or entity that performs certain functions or activities that involve the use or disclosure of PHI (protected health information) on behalf of, or provides services to, a covered entity" (Reminder: Your practice is a covered entity).

A member of the covered entity's workforce is not a business associate. Common examples of business associates (but not a complete list) includes:

  • Billing service
  • Cloud storage provider
  • A consultant that performs file reviews or audit consulting where PHI identifiers have not been removed
  • An independent medical transcriptionist that provides transcription services to a health care provider