HIPAA Compliance: Covered Entity vs. Business Partner

HIPAA compliance is an important topic given the large amount of personal health information (PHI) data held in digital storage today. Within the HIPAA guidance, two categories are described: covered entities and business partners. Each of these categories has its own requirements when it comes to HIPAA compliance.

According to the U.S. Department of Health & Human Services, covered entities can include health care providers, health plans or health care clearinghouses. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.

The second category is termed business associates. According to the U.S. Department of Health & Human Services, if a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are liable for compliance with certain provisions of the HIPAA Rules.

Business associate services can include legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, and financial. Business associate functions and activities can include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing.

So why does this matter? If your company accesses, works with, or stores third-party protected health information, you may need to be compliant with HIPAA guidelines and are liable for compliance with those standards.

How do you know if you are HIPAA compliant? A HIPAA compliance audit can help identify whether you are in compliance and also provide support for any covered entities that are requesting your compliance. To learn more about HIPAA compliance audits, you can view our recent webinar.

McKonly & Asbury is experienced in assisting clients in identifying and implementing the controls needed to pass a HIPAA compliance audit. Please contact us if you have questions about the process or are ready to move forward with a HIPAA assessment.

About the Author

Christopher Fieger

Chris joined McKonly & Asbury in 2019 and is currently a Supervisor with the firm. He is a member of the firm’s Audit & Assurance Segment, serving the manufacturing industry and SOC practice.
