A “business associate” is any person or entity that performs activities or specific functions for the dental practice which would involve the use or disclosure of patient information. The new 2013 final rule for Health Insurance Portability and Accountability Act requires business associates to:
Dental practices are required to have a written agreement in place with each one of their business associates. The Privacy Rule requires dental practices to have written assurance that its business associates will safeguard all patient information it receives or creates for the practice.
The new rule also allows the government to impose penalties on the business associates and their subcontractors. That was not the case previously. The new rules do not affect the definition of a “business associate” in regards to providers sharing patient information for treatment purposes. Specialists and labs where patient information is obtained for related services and/or products to help assist a dentist in providing care to patients are
not considered business associates.
Who is considered a “business associate”? Examples include:
The new business associate agreement rules went into effect in September 2013. Any practice that has not incorporated these changes and had their business associates sign a new agreement is encouraged to do so immediately. More information can be found via the U.S. Department of Health and Human Services at http://1.usa.gov/9cubLA or the
American Dental Association at www.ada.org/8753.aspx.