The University of Texas Health Science Center at San Antonio, Office of Regulatory Affairs and Compliance, Compliance Office 210-567-2014, Compliance Line 1-800-500-0333
REGULATORY AFFAIRS & COMPLIANCE HOME POLICIES & PROCEDURES COMPLIANCELINE CONTACT INFORMATION UNIVERSITY HOMEPAGE
HIPAA Compliance Program

 

 

Patient Rights Under HIPAA

Patient Privacy Policies
and Procedures

Patient Privacy Forms

HIPAA Task Force

Training

Business Associates
   • Determining who is a
      Business Associate
   • Sample Agreement
      Provisions
   • Sample Business Associate
      Agreement for Attorneys

Disciplinary Guidelines

IRB Homepage (Research)

Selected Links

Office of Regulatory Affairs & Compliance Homepage

Help

             

 

Link to HIPAA Compliance homepage

Evaluation for Business Associates

 
How to determine who is a business associate:

Definition of Business Associate: A Business Associate is a person or entity to which the Health Science Center discloses protected health information so that the person/entity can carry out, assist with the performance of, or perform a function or activity for the Health Science Center.

PHI = Protected Health Information. A patient's or participant's (in the case of research) health information that identifies the person or can be used to identify the person.

Business Associate Test:

  1. Is UTHSCSA disclosing PHI?
  2. Does the recipient of the PHI provide a service to, for, or on behalf of UTHSCSA?
If the answer to both of the above questions is "yes", you may have a relationship that requires a business associate agreement.

Not Business Associates:

  • UTHSCSA's Workforce: Employees, faculty, residents, students
  • Health care workers providing treatment
  • Providers with staff privileges at the institution
  • Labs
  • Individuals or companies with very limited and incidental exposure to health information, such as telephone company, electrician, etc.
  • Companies that act as a conduit for PHI, such as the postal service, UPS, private couriers, etc.

Potential Business Associates:

  • Lawyers
  • External auditors or accountants
  • Professional translator services
  • Answering services
  • Consultants hired to conduct audits, perform coding reviews, etc.
  • Accreditation Agencies
  • Shredding Companies
  • Data Processing firms or software companies that may be exposed to or use PHI.
  • Medical Transcription Services, even if you contract with an individual, rather than a company.

Purpose of Business Associate Agreements
Any person or company that is a Business Associate will be required to sign a contract with special language mandated by the privacy rules. Business Associate Agreements will assist the Health Science Center in protecting our patients' health information when it is released to someone outside our organization.

Return to top of page

 

       

Top of Page | Patient Rights Under HIPAA | Patient Privacy Policies & Procedures | Patient Privacy Forms
HIPAA Task Force | Training | Business Associates | IRB Homepage (Research)
Selected Links | Office of Regulatory Affairs & Compliance | Help | University Homepage

Links provided from Health Science Center pages to other websites do not constitute or imply an endorsement of those sites, their content, or products and services associated with those sites.

© 2002-2003 UTHSCSA HIPAA Compliance Program
Created 04 December 2002. Updated 10 October 2005.
Comments or questions about this website: knight@uthscsa.edu

university seal