In 2013 as part of the Omnibus Rule, the United States government began to require all Business Associates to follow HIPAA guidelines. A Business Associate (BA) is any company that works with healthcare providers and has access to patient data, even if that access is indirect.
A Business Associate Agreement (BAA) is the required document between the medical provider, known as a Covered Entity (CE) and the Business Associate (BA).
As part of the American Recovery and Reinvestment Act (AARA) enacted on February 17, 2009, Congress created a tax incentive program called Meaningful Use to incentivize healthcare providers including doctors, hospitals, critical-access hospitals, and Medicare Advantage Organizations to convert their PHI (Protected Health Information) to electronic versions known as ePHI (Electronic Protected Health Information). This program encouraged small single-doctor practices and large hospitals to utilize approved Electronic Health Records (EHR) systems. [Note: We use the term EHR instead of EMR (Electronic Medical Records) because EHR refers to the overall health of a patient compared to purely the medical conditions and treatment for a patient found in EMR.]
HIPAA stands for the Health Insurance Portability and Accountability Act, which first appeared in 1996. Initially, HIPAA’s vagueness made if confusing and most small and medium-sized medical entities saw it as voluntary because there was little enforcement through the Department of Health & Human Services (HHS). [Also, don’t call it HIPPA or confuse it with a HIPPO.]
