Introducing our Connectors API for integration builders
Learn more >

HIPAA Business Associates

What is a HIPAA business associate?


A HIPAA business associate is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information (PHI) on behalf of, or through the provision of services to, a covered entity. For example, health plans, health care clearinghouses, and certain health care providers.

Most providers and plans do not carry out all of their health care activities and functions by themselves; they often use the services of other persons and businesses. The HIPAA Privacy Rule allows covered entities to disclose protected health information to these business associates if the providers or plans obtain satisfactory assurances the business associate will:


  • Use the information only for the purposes they’ve been engaged 
  • Safeguard the information from misuse
  • Help the covered entity comply with some of the covered entity’s duties under the Privacy Rule  

HIPAA Rules apply to covered entities as well as business associates. Suppose a covered entity engages a business associate to help carry out its health care activities and functions. In that case, the business associate must comply with HIPAA, and the covered entity must have a written business associate contract or another arrangement with the business associate that establishes the engagement specifics.

Covered entities may disclose protected health information to an entity in its role as a business associate only to help the covered entity carry out its health care functions—not for the business associate’s independent use or purposes, except as needed for the proper management and administration of the business associate.

Vanta automates security compliance.
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.