HIPAA Basics for Business Associates 2023 Edition

The Department of Health and Human Services (HHS), which enforces the HIPAA privacy and security requirements, has requested a substantial increase in its budget. One significant reason is to expand investigations, in large part to address the growing number and types of privacy breaches and security incidents, not just within covered entities (CEs) but also within business associates (BAs), where over half of PHI breaches occur. It is imperative that BAs take action to meet and then maintain HIPAA compliance, not only to protect their own business but also to protect their CE clients from fines and to protect the associated individuals from misuse of their PHI, by establishing the necessary safeguards to protect the PHI.

Implementing appropriate safeguards, controls and business practices starts with knowing and understanding the current HIPAA requirements that apply to BAs. That knowledge and understanding must then be maintained with ongoing training: at least once a year for overall HIPAA compliance learning, and with teams and specific roles within the CE and BA organizations taking specialized learning courses for more targeted topics.

This course provides the key information to help BAs to understand their full legal obligations for HIPAA compliance.

Unfortunately, many businesses don’t even realize that they are a BA as defined by HIPAA. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity (CE) as defined by HIPAA. The types of functions or activities that may make a person or entity a business associate include payment or health care operations activities, as well as other functions or activities that involve generally any type of access to the protected health information (PHI) of a CE in support of work the BA is contracted to do for the CE. BAs are organizations located in any location throughout the world.

Business associate functions and activities include, but are not limited to: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.

BAs must comply with CEs must also ensure that their business associates (BAs), who are those providing CEs with services and/or products that involve in some way access to protected health information (PHI), and any sub-contractors they use, also are in compliance with HIPAA.

This training course is designed with the needs of BAs in mind. It provides an overview of the HIPAA requirements important for all BAs to know and understand. It also contains an overview of new information about temporary and proposed HIPAA changes, restrictions, and the satisfactory assurances BAs need to know and have available to provide to their CE clients, as required by HIPAA. Real-life examples are provided, along with common misconceptions for BAs to avoid. See the outline for more information.

Ten valuable supplemental materials are provided to each learner, along with a quiz that randomly shows 15 questions each time it is provided to a course learner, with the possible answers for each question also shown in random order. Each learner is also provided with a printable certificate upon successful completion of the course (completing the full video and passing the quiz) that contains the learner’s name, course name, length of the course, and date completed. Also provided is information for any learner to submit when using the course to help fulfill certification continuing professional education (CPE) requirements.


Course Outline:

  • HIPAA overview

  • Covered Entities (CEs) and Business Associates (BAs)

  • Satisfactory assurances that BAs can provide to CEs

  • When CEs are allowed to disclose PHI to BAs

  • HIPAA Privacy Rule overview

  • HIPAA Security Rule overview

  • HIPAA Breach Notification Rule overview

  • HHS Temporary Changes in HIPAA Requirements

  • Proposed HIPAA changes

  • Protected health information (PHI) and specific types

  • BA requirements

  • Security Rule requirements

  • Breach Notification Rule requirements

  • Tracking tech, telehealth, reproductive health, and substance abuse data breaches

  • Privacy Rule requirements

  • Where PHI needs to be protected

  • When a BA is responsible for protecting PHI

  • BA requirements for subcontractors

  • Common BA misconceptions in understanding HIPAA compliance

  • Penalties and sanctions and huge fines given to BAs

Supplemental Materials:

Yes. Ten total items.

Nine PDFs and one Word doc supporting the content of the course. Learners can refer to and download (for their own use while performing their job responsibilities) the materials at any time while the course is active.

The supplemental materials include details about temporary changes, HHS compliance guidance, reference materials needed to understand PHI items and other HIPAA concepts, and a document for supporting BA requirements.

The Business Admin for each business account can also add more supplemental materials specific to the business (e.g., forms, policies, procedures, etc. that are associated with the course content).


Quiz:

Yes, a quiz is included for each Privacy & Security Brainiac premium/paid course.

The quiz presents 15 randomly chosen questions from a large and growing repository of questions for this course. Each time the course quiz is provided to a learner, the questions are randomly chosen from the repository, and the answer choices for each question are also randomly shown (so they will be shown in a different order each time for each question).

Results of the quiz include explanations for each question and the associated correct answer within the graded quiz report.

Certificates for passing, and special recognitions for passing with high scores, are provided to each learner.

The Business Admin for each business account…

  • Has the capability to establish the passing percentage for the course for the associated business learners.

  • Has additional course reports for all students as well as for the quiz questions, and individual students.

  • Can communicate with the business account learners within the portal, assign courses to specific learners, and more.


Number of learners/seats

Price per learner/seat

* Contact info@privacysecuritybrainiacs.com for pricing for 500 or more learners