Who Is Affected by HIPAA?
Because HIPAA regulates healthcare, which is important to every American, the effects of HIPAA are far-reaching. It affects not only insurance companies and healthcare providers but also companies that provide data services and software to those providers, and it even grants individual patients new control over their records and how that data is shared and used.
Obviously, HIPAA has a direct effect on insurance providers, hospitals, clinics, and medical practices. But some aspects of HIPAA also apply to information technology consultants or data service providers and their clients. IT solution providers working with healthcare clients may be required to enter into what's termed a Business Associate Contract. This contract is an agreement between the IT provider and the healthcare provider, detailing how the IT provider will deal with protected health information that's regulated under the HIPAA Privacy Rule or Security Rule.
The Business Associate Contract details exactly how an IT solution provider is allowed to use patient records and how those records can be accessed by the IT solution provider, and binds any subcontractors to the same terms. Basically, the agreement exists to bind IT providers to the same requirements as those of the healthcare provider, and to set out all those requirements in clear, legally binding terms.
The exact content of a Business Associate Contract varies from one IT consultant to the next, and from client to client. However, if you're planning to provide IT services to any client in the healthcare arena, you should be prepared to deal with this particular contractual instrument.