Business Associate Compliance (compliancygroup.com)
Navigating the rules that revolve around HIPAA can be extremely confusing. Covered entities are
always running the race to keep up with the changes that continually happen to HIPAA laws and
regulations. One group that may be surprised to learn that it, too, should be closely following
HIPAA regulations is the organizations and individuals that are classified as Business
Associates.
Business associate compliance can be even trickier than covered entities'
compliance. Why? Simply because organizations and individuals may not even realize that they
are actually classified as Business Associates by the letter of the law.
According to the U.S. Department of Health and Human Services (HHS), "A 'Business Associate'
is a person or entity that performs certain functions or activities that involve the use or disclosure
of protected health information on behalf of, or provides services to, a covered entity." This
all-encompassing definition shows the vast range of people and organizations that fall under the
Business Associate role. The role covers everyone from CPAs that handle an
organization's accounting to the document shredding and storage company that is in charge of
another company's records. All organizations that are categorized as Business Associates must,
of course, abide by compliance rules.
For companies that don't even realize their obligation to comply with these rules, time is of the
essence. Any organization that handles or works with protected health information (PHI) must
know that it is imperative to review and understand its role as a Business Associate and what
obligations come with such a title.
Determining Relevance:
Of course, a company doesn't need to worry about business associate compliance if it
doesn't fall under the umbrella. However, as mentioned above, it can be hard for some
companies to realize their relevance in regard to these laws. Preventative measures can
begin by assessing how a company can come into contact with PHI. If personal data
passes through the hands of an organization's employees, in whatever possible form, business
associate compliance is an important topic to discuss and understand.
Conducting an Assessment:
Organizations need to frequently reevaluate how they measure up to the constantly
changing laws of today. Conducting compliance assessments can not only help a
company understand where its gaps lie, but also shed light on its opportunities and future
successes. These assessments also provide hard-copy proof to compliance auditors,
should the need for such evidence ever arise. The HHS has created a risk assessment
program that can be downloaded by small as well as medium-sized organizations in
order to help them understand their role and potential security risks.
Developing a Plan:
Any organization that touches PHI needs to have an Incident Response Plan (IRP) in
place. An IRP is designed to help ensure that an organization is ready to conquer any
problem that may arise as a result of a breach in compliance. In fact, an IRP can help a
company's staff mitigate any issue before it even has a chance to escalate. Successful
IRPs identify each role a person plays, define that role and explain its important
responsibilities. Last but certainly not least, IRPs can help staff members
understand what a compliance breach is and provide a route to manage any future
breaches.
Implementing Methodologies:
Once a plan has been put in place, an organization must set up a method that can help
protect it from compliance issues. Risk assessment software is the perfect procedure a
company can implement. Software such as this can track compliance issues as well as
help enable an organization to pinpoint where its issues lie, understand how it can fix
these problems and ultimately come out on top of the game. With the necessary help of
proper tools such as risk assessment software, incident response teams can be
unstoppable and successfully execute plans within a timely manner and ensure future
safety for their company.
If you have advice for a company interested in implementing business associate compliance,
please feel free to share your thoughts by utilizing the comments section below:
Business Address:
The Compliancy Group LLC.
55 Broadway Unit 684
Greenlawn, NY 11740
Contact No: 855 854 4722
Fax: 631 731 1643
Info@compliancygroup.com
http://compliancy-group.com