Business Associates

Business associates have the same compliance and security obligations under HIPAA as covered entities (healthcare provider, health plan, or clearinghouse). They are also subject to enforcement actions and financial penalties for breaches of protected health information (PHI) or other violations.

Under HIPAA, a “Business Associate” is specifically defined as a person or entity that provides services or performs work that involves the use or disclosure of protected health information (PHI) on behalf of a covered entity (healthcare provider, health plan, or clearinghouse). As a matter of course, business associates are not a homogenous group. They perform a wide variety of functions and can range in size from a single individual to a large corporation.

IT Services Firms & Hosting Companies

SaaS Providers

Biotech/Life Sciences


Professional Services

The common denominator – business associates are obligated to comply with HIPAA and safeguard PHI with the same stringency as a covered entity. In recent years, the enforcement of this BA requirement has intensified. Healthcare providers routinely ask vendors to sign business associate agreements. Many BAs have received large fines from the Office of Civil Rights (OCR) for data breaches and compliance failures. Today, healthcare-focused investors almost always require their portfolio companies to attest to their compliance.

As a result, in addition to satisfying HIPAA, many BAs take the additional step of becoming HITRUST certified. This provides them with a standards-based framework on which to build and enhance their security program. It also gives them a validated certification they can promote publicly. Agio can assist BAs with HIPAA security risk assessments and HITRUST certification while jointly building a cost-effective risk management program.

Most Popular Services & Managed Programs

Security Risk Assessment


Penetration Testing


Application Security

