HIPAA awareness training for business associates

Train yourself to understand what a business associate is, and how to comply with the HIPAA provisions covering business associates.


Our Client

What is HIPAA for Business Associate

Under HIPAA, all business associates of a covered entity need to safeguard patient information. As per the law, contractors that use, store, or share PHI on behalf of a healthcare organization need to comply with HIPAA.

Compliance with privacy, security, and breach notification rules is compulsory for all contractors. With HIPAA business associate training, contractors can find out the sections that apply to them, and learn about the responsibilities exclusive to business associates.

HIPAA training for business associates is also compulsory under the law. It’s the duty of the employer to ensure that all employers are aware of what they can or cannot do when working with protected health information (PHI).

Designed to fulfill the mandatory training requirements set by HIPAA, the HIPAA Business associate training covers

  1. How to identify a business associate
  2. Business associate contracts  
  3. Privacy and security standards that business associates need to follow

Beginning with a basic introduction to the concept of business associates under HIPAA, the course then covers the privacy and security standards that business associates need to follow when using, sharing, and storing patient information. 

By the end of the training, you’d develop a good understanding of the responsibilities of a business associate under HIPAA, and the do’s and don’ts of using health records shared by a covered entity.

Course Description

Course NameHIPAA Business Associates Training
Duration30 mins
Certificate IncludedYes
Languages English
Course TypeInteractive online training
FormatLM-light, SCORM 1.2
Supported DevicesDesktop/Laptop, Tablet, Phone
Last UpdatedJune 30, 2021

What you’ll learn

  • What is a business associate, and why is it so important for you to know about it? 
  • ARRA, HITECH, and Omnibus rules
  • Business associate contracts
  • How business associates can use or disclose patient records
  • Safeguards that business associates need to put in place


  1. Who is a Business Associate?
  2. What is the ARRA and HITECH rule?
  3. What is the Omnibus Rule?
  4. Summary of ARRA/HITECH Act and Omnibus Rule
  5. Enforcement and Penalties for HIPAA non-compliance
  6. PHI Uses and Disclosures
  7. Electronic Health Records (EHR)
  8. Business Associate Contract
  9. Business Associate Contract Exceptions
  10. Business Associate Contract Provisions
  11. Identify Business Associates

Who Should Attend?

Every person and organization that creates or accesses protected health information on behalf of a HIPAA covered entity should take this training.

This includes

  • Billing and transcription contractors
  • Accountants
  • Lawyers
  • Software services
  • IT consultants

Why emPower

100s of customers

  • 14+ Years of experience in working with small to large businesses from different industries
  • 95% customer retention

Customer Experience

  • 24x7 dedicated support and toll free number
  • 99%+ guaranteed uptime

Extremely Cost-effective

  • As low as $0.99/user/yr
  • We will match or better the price of your current LMS

Effective Courses

  • Each course is 20-40 min long to ensure engagement with quizzes and certificate
  • SCORM 1.2 Compliant


  • No setup costs
  • We deploy your customized solution in less than 48 hours

Our Achievements

Here you can review some statistics about our Education Center

Individual Users

Related Courses

Start Your Certification Course Today

Examples of business associates include billing and answering services, medical transcription providers, accountants, consultants, software providers, and so on. HIPAA considers every person and business with access to a covered entity’s PHI as a business associate.

The HSH Office of Civil Rights (OCR) can hold business associates responsible for HIPAA violations. The HITECH Act and the 2013 final rule give OCR the authority to take enforcement actions against Business associates for such violations.

The Office of Civil Rights can take enforcement actions against a business associate for violating the requirements and prohibitions set forth in the HITECH Act and the OCR’s final rule of 2013. This covers failure to share PHI when a covered entity or a person asks for it.

Under HIPAA, business associates can use PHI only for the purposes set forth in their business associate agreement. Any usage, sharing or disclosure of PHI beyond the scope of the agreement will be considered as a violation of HIPAA.

HIPAA security rule  requires you to retain PHI for a minimum of six years from the date of its creation. However, you should look at applicable state and other federal regulations as well. They may have longer retention requirements.