OSHA & HIPAA Compliance Made Easy
OSHA & HIPAA Compliance Made Easy
With 25+ years of OSHA experience and one of the nation's only Certified HIPAA Professionals, Smart Training makes compliance not only manageable but easy! We want to address your concerns, so comment and have your questions answered by the experts!
Smart Training

What’s the Difference Between HIPAA Business Associates and Visitors?

What’s the Difference Between HIPAA Business Associates and Visitors?

12/3/2020 12:56:38 PM   |   Comments: 0   |   Views: 41

Your Privacy Officer should be noting visitors to your office and ensuring that Visitor Privacy Policies are signed and retained. Business Associate Agreements are not the same thing as Visitor Privacy Policies, although many offices seem to use them interchangeably. 

By reading this blog post, you will learn the difference between visitors and business associates. You will also learn more information about Business Associate Agreements and Visitor Privacy Policies.

What is a visitor?

A visitor is someone who has incidental access to patient information. For example, a technician repairing a chair may see protected health information (PHI) left on a workstation display or might have access to a chart left on a desktop.

What is a business associate?

A Business Associate, on the other hand, can have carte blanche (complete freedom) access to patient data. While many offices believe they have no Business Associates, this is seldom the case. Almost every IT provider is a Business Associate, as are most dental office software providers. Dental labs, despite their frequent protests to the contrary, are usually Business Associates, unless they are owned by a healthcare practitioner. 

Cleaning services that have access to your office after hours may be considered Business Associates as well, especially if your practice still uses paper charts. If your landlord can enter your office whenever he or she wishes, the landlord may be a Business Associate as well.

Business Associate Agreements (BAAs)

HIPAA requires a Business Associate Agreement (BAA) if your practice works with business associates. Have a BAA ready for each business associate to sign. If you have further questions about BAAs, check out our blog post

Visitor Privacy Policies (VPPs)

HIPAA also requires a Visitor Privacy Policy if your practice works with visitors. If the visitor will have access to PHI, make sure you have them sign the Visitor Privacy Policy. Similarly to BAAs, if a visitor signs your Visitor Privacy Policy, and they violate HIPAA using your PHI, the Visitor Privacy Policy can indemnify your practice. 

Here are topics to include in your Visitor Privacy Policy:

  • Security responsibility
  • Verification of identity 
  • Safeguards
  • Business associates
  • Cooperation with regulatory agencies
  • Investigation and enforcement
  • Receipt and acknowledgment

Do you need help creating your HIPAA documents?

If you need help with providing the correct HIPAA documentation to your Business Associates or visitors, check out Smart Training’s Dental Platinum+Dental Essentials, and Complete Medical Compliance packages. These packages provide you with all the HIPAA documents you need. We customize these documents for your practice. Request a free demo with a Compliance Officer here

You must be logged in to view comments.
Total Blog Activity
Total Bloggers
Total Blog Posts
Total Podcasts
Total Videos
Sally Gross, Member Services Specialist
Phone: +1-480-445-9710
Email: sally@farranmedia.com
©2022 Hygienetown, L.L.C., a division of Farran Media, L.L.C. • All Rights Reserved
9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 • Phone:+1-480-598-0001 • Fax:+1-480-598-3450