Types of Business Associates in Software Development

8 min read


 types of business associates, healthcareThe healthcare industry is a multidisciplinary field with a wide range of vendors or contractors who have to comply with the HIPAA regulations on safeguarding protected health information (PHI).

The Health Insurance Portability and Accountability Act of 1996 outlines two main groups within the healthcare industry; Covered Entities and Business Associates.

Each of the two groups defines various employees and enterprises within the healthcare industry that come into contact with PHI.

What is a Business Associate?

Business Associates refer to individuals or entities that use or disclose PHI on behalf of a Covered Entity.

A member of a Covered Entity, such as a health plan, healthcare provider, or healthcare clearinghouse, can become a Business Associate if another Covered Entity contracts them to use or disclose PHI.

Types of Business Associates

There are many types of Business Associates, which could be individuals or entities. They include:

Third-Party Healthcare Claims Processors and Medical Billing Companies

Medical billing companies manage the billing insurance and process client payments.

The companies submit claims for medical procedures and services issued by insurance companies.

Medical billing companies communicate with patients regarding outstanding balances and collect payments for provider entities.

Interacting with PHI and working under contract by provider institutions makes medical billing companies Business Associates.

Companies such as dr chrono, AdvancedMD, and athenahealth offer HIPAA-compliant medical billing services to Covered Entities.

Healthcare Providers Attorneys

Attorneys whose legal services to a health plan come into contact with protected health information.

Legal firms such as Dickinson-Wright and KJK help healthcare professionals, physicians, health insurers, and healthcare facilities to resolve underlying legal challenges.

Healthcare Attorneys help Covered Entities understand and comply with all regulations, including HIPAA.

Healthcare attorneys become Business Associates when contracted by a Covered Entity to offer their legal services, including interaction with PHI.

CPA Firms for Healthcare Providers

Healthcare accounting firms help to minimize the tax burden, conduct accounting reviews and audits, and maintain medical accounts payable and receivable records for healthcare organizations.

CPA firms serve as Business Associates when working under a contract with Covered Entities to provide accounting services that involve access to billing records and other sensitive data.

CPA firms such as James Moore & Co and Moss Adams help strengthen Covered Entities’ accounting and finance functions.

Accounting firms and individual accountants may choose to join the National CPA Health Care Advisors Association (HCAA) to broaden their network.

Hospital Utilization Reviews Consultants

Comprehensive hospital utilization review consultants help prevent denials and establish successful appeal requests.

HIPAA-compliant utilization review consultants and firms such as AppriseMD help healthcare plans collect accurate data.

Healthcare Clearing Houses Contracted by Healthcare Providers

Healthcare clearinghouses are responsible for translating claims from non-standard to standard format in place of healthcare providers and forwarding the processed transaction to a payer.

Pharmacy Benefits Managers

PBMs interact with PHI and are responsible for negotiating rebates, establishing formularies, processing claims, managing mail-order specialty pharmacies, and reviewing drug utilization.

According to the National Association for Insurance Commissioners, 66 Pharmacy Benefits Manager companies exist. The largest of the 66 include Express Scripts, CVS Caremark, and OptumRX.

Freelance Medical Transcriptionist

Independent medical transcriptionists that transcribe medical data on behalf of physicians, healthcare facilities, healthcare plans, and other Covered Entities interact with PHI.

The transcriptionists have to sign a BAA to enhance HIPAA compliance by safeguarding protected health information during transcription.

Healthcare Software Providers

Software providers that offer solutions to the healthcare industry may come into contact with protected health information.

Creating and maintaining mobile or web applications to enhance communication between physicians and patients means the software developer has to interact with sensitive data.

HIPAA regulations require software developers to sign a Business Associates Agreement with the contracting Covered Entity to maintain compliance.

Flatirons Development is an excellent example of a software developer that operates as a Business Associate when developing mobile applications for a healthcare provider, healthcare plan, or a healthcare clearinghouse.

Healthcare Cloud Service Providers

HIPAA-compliant cloud computing services such as Amazon Web Services fall under the category of Business Associates.

Covered Entities use the numerous AWS cloud services to store, process, and transmit PHI. Other credible HIPAA-compliant cloud service providers include Microsoft Azure and Google Cloud Platform.

Healthcare Document Storage Companies

Healthcare providers may contract a third party to store sensitive data, such as patient health information.

The contracted document storage company should sign a BAA with the healthcare provider to maintain HIPAA compliance and safeguard PHI.

Companies such as Dox and Box, and Access provide secure physical and digital medical data storage environments.

Dox and Box, and Access become like a type of Business Associate when contracted by Covered Entities to store their PHI.

Healthcare Collection Agencies

Healthcare collection agencies assist healthcare facilities in collecting outstanding debt, which helps retain revenue.

Medical bills fall under protected health information, so discussing medical debt may be a sensitive topic for most individuals.

Healthcare providers share the medical debt details, names, contact information, and addresses of the patients with the collection agencies making the agencies Business Associates.

Collection agencies such as Frost-Arnett , Summit A.R., and First Federal Credit Control (FFCC) have to comply with HIPAA regulations to safeguard PHI by signing a BAA with the healthcare providers.

Healthcare providers contract such agencies to maximize collection, retain an excellent patient-provider relationship, and save on time which could be used in other resourceful activities.

Healthcare Asset and Document Recycling and Shredding Enterprises

Covered Entities may recycle assets and documents containing PHI by contracting third parties.

Healthcare facilities should recycle or shred paper-based PHI and media in a HIPAA-compliant manner by signing a BAA with contracted recycling and shredding companies.

Companies such as Iron Mountain, Protec Recycling, and Rehab Group offer safe, secure, and cost-effective data destruction.

Healthcare Marketing Firms

Marketing firms may interact with patient data such as location, email addresses, contact details, testimonials, and other sensitive information to help structure their marketing copies.

According to a 2019 study, healthcare companies spend more than $2.5 billion on digital marketing.

The healthcare industry may increase its coverage and customer efficiency through well-structured marketing tactics.

Covered Entities should therefore contract HIPAA-compliant marketing firms who become Business Associates when delivering their marketing services.

Some of the leading digital marketing firms in healthcare who are likely to offer services as Business Associates include Colormatics, Parkerwhite, and REQ.

Medical Device Manufacturers

Medical Device manufacturers fall under the category of Business Associates since healthcare organizations contract them to come up with devices to aid in treatment and other healthcare services.

Medical Device manufacturers might require PHI to manufacture, improve, and maintain the medical devices.

Companies such as Johnson & Johnson, Abbott, and Medtronic accelerate access to healthcare technology.

Medical Couriers

Medical couriers work directly with physicians, hospitals, laboratories, and other healthcare facilities to deliver medicine, specimen, medical equipment, medical records, and blood or organs for analysis.

Medical couriers handle PHI qualifying them as Business Associates who should sign a BAA with the medical facilities to safeguard sensitive data and enhance HIPAA compliance.

Top HIPAA-compliant medical couriers in the U.S.A include Delivery Express Logistics and Business Express Courier Services.

Types of Functions and Services of Business Associates

The HIPAA Privacy Rule outlines functions and services that make an individual or entity a Business Associate.

The activities should include the use and disclosure of protected health information.

Functions of Business Associates:

  •       Data analysis
  •       Utilization review
  •       Billing
  •       Benefit management
  •       Repricing
  •       Quality assurance
  •       Processing or administration
  •       Business Associates Services
  •       Consultation
  •        Accounting
  •        Legal
  •        Actuarial
  •        Management
  •        Accreditation
  •        Data aggregation
  •        Administrative
  •        Financial


Some types of Business Associates could be individuals or entities who use or disclose PHI on behalf of a Covered Entity.

Business Associates range from medical transcriptionists, healthcare software developers, and healthcare CPA firms, as described in this article.

Flatirons development will sign a BAA with you when you hire us to create top-grade HIPAA-compliant healthcare software.

Software Development Outsourcing Solutions

Outsource your software development to Flatirons for quality, efficiency, and innovation.

Learn more
More ideas.

What is User Acceptance Testing? A Guide in 2024


Feb 16, 2024

Top SaaS CSV Importer Solutions


Feb 13, 2024

AI in SaaS Businesses: Revolutionizing Tech Solutions


Jan 30, 2024

AI in Transportation Industries: Use Cases and Benefits


Jan 28, 2024

What is Node.js? An Overview in 2024


Jan 23, 2024

In-House vs. Outsourced Software Development: Which Is Right?


Jan 21, 2024