HIPAA violations: Business associate agreements are not necessarily a shield

Blog Post

Healthcare providers should remember that a business associate agreement does not provide blanket protection for the provision of protected health information (PHI) to a business associate, or the use of that information by a business associate. The underlying disclosure and use of the PHI must also be permissible under HIPAA regulations, such as for treatment or payment purposes.

For example, if a sales representative of a healthcare provider wishes to have unlimited access to PHI (such as the medical records of the healthcare provider’s patients), it is highly unlikely that such unlimited access to PHI would be permissible under HIPAA. Signing a business associate agreement with the sales representative will not convert this situation into a permissible one, because the underlying disclosure and use of the PHI must comply with HIPAA.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.