Do you know your business associates?

HIPAA's business associate rules require covered entities to identify their business associates and enter into contracts with them to safeguard the privacy of individually identifiable health information. Covered entities need to determine who their business associates are and whether exceptions apply. Covered entities need to examine their business associate contracts to ensure that the contracts contain provisions required by HIPAA. Covered entities should not enter into business associate contracts unnecessarily. Existing business associate contracts are subject to a transition period for compliance with HIPAA.