Typical business that fall under the “business associate” umbrella are:
Computer support companies
Temporary medical staff companies
…basically any service that may come into contact with patient information.
What most medical support businesses do not realize is, you are technically a “business associate” with your medical practice client.
In the simplest of terms this means:
You need to have a signed business associates agreement in place
You need to prove to your medical client that you and all of your staff are complying with HIPAA requirements.
It is the responsibility of your medical client to implement the business associates agreement, and before you can sign it you need to ensure you are doing what is expected of you.
One of those items expected of you is every person in your business who may “touch” (yes, even remotely) a medical client’s Patient Health Information…every person must have HIPAA awareness training.
This is an outstanding way to make your medical support business stand out from others and enables you to know what you actually need to be doing to ensure your client is setup in a HIPAA compliant manner.