HIPAA Business Associates are individuals or companies that provides a service on behalf of the Covered Entity. They create, receive, maintain, transmit, or access protected health information (PHI) on behalf of the Covered Entity. As a result of the HIPAA Omnibus Rule, Business Associates are directly responsible for complicance with the Privacy and Security Rules. Business Associates do not include any members of the University of Oregon workforce.
The Privacy Office works with Purchasing and Contracting Services to arrange for a Business Associate Agreement.