For more information on HIPAA, and why we maintain complaince, please check out this resource.
A covered entity is a health care provider, a health plan or a health care clearing house who, in its normal activities, creates, maintains or transmits Protected Health Information (PHI).
A “business associate” is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity. Examples of Business Associates include lawyers, accountants, IT contractors, billing companies, cloud storage services, email encryption services, etc.
Before having access to PHI, the Business Associate must sign a Business Associate Agreement (BAA)with the Covered Entity stating what PHI they can access, how it is to be used, and that it will be returned or destroyed once the task it is needed for is completed. While the PHI is in the Business Associate´s possession, the Business Associate has the same HIPAA compliance obligations as a Covered Entity.
We have an IT-focused BAA for your records upon request.
Our company adheres to NIST encryption standards as a matter of general practice. In fact, as Department of Defense contractors, we exceed most security standards in our field.