PHI

Businesses that have access to protected health information (PHI) on behalf of a covered entity (for example, an employer’s group health plan) typically qualify as “business associates” under the HIPAA Privacy, Security and Breach Notification Rules (HIPAA Rules). If a covered entity uses a business associate, it must have a written business associate agreement with […]