How Hushmail supports HIPAA compliance: business associate agreements

Business associates

Covered entities are permitted to disclose Protected Health Information (PHI) to these organizations, known as "Business Associates", as long as they agree to certain provisions. Business associates may only use the PHI shared with them for the purposes for which they were hired, for instance, not for their own business purposes. And they must protect the PHI, and help the covered entity comply with the Privacy Rule.

The agreement

To formalize the arrangement between covered entities and business associates, a contract or agreement between the two must address certain specified elements. The agreement must: Describe the permitted and required uses of PHI by the business associate. Provide that the business associate will not use or further disclose the PHI other than as permitted or required by the contract or as required by law. Require the business associate to use appropriate safeguards to prevent a use or disclosure of the PHI other than as provided for by the contract.

Hushmail for Healthcare comes with a Business Associate Agreement that includes all the necessary terms to provide Covered Entities with assurance that Hushmail will safeguard the PHI. It’s just another way Hushmail makes it easy for you to do business and serve clients while supporting your HIPAA compliance.

Our Hushmail for Healthcare plans come configured for HIPAA compliance right out of the box. Learn more about how our healthcare plans can help you be HIPAA compliant.

Other posts in this series:

• How Hushmail supports HIPAA compliance: encrypting email
• How Hushmail supports HIPAA compliance: email archiving