HIPAA Online Homepage

User Type

Quick Links
Privacy Notice

What is

Contact Us


HIPAA Privacy & Security
2. Business Associates Section:
Associate Responsibilities

As a HIPAA-compliant Business Associate, you will need to fulfill some or all of these responsibilities:

Initial Compliance

  1. Business Associate Agreement.  Begin working with your Nebraska DHHS contact person to create, revise and finalize the HIPAA Business Associate Agreement.  This requirement began on 4/14/2003, the HIPAA Privacy rule compliance deadline became effective.. 
  2. Your Other Business Associates.  Identify your own "Business Associates" and "Trading Partners", and sign the appropriate "Agreements" with them.
    • Check the Glossary for HIPAA definition of "Business Associate" and "Trading Partner".
  3. Become Compliant.  Perform the 4-step process for HIPAA compliance on all of your policies, procedures, information systems and transactions.
    • Assessment, analysis, remediation, and maintenance.
  4. Electronic Transactions.  If you plan to send electronic transactions to DHHS, then work with DHHS Medicaid claims staff to implement new claims and authorization processes, such as the x12 Companion Guide for creating transactions.
  5. Deadlines.  The compliance deadlines -- were on 4/14/03 for Privacy practices, and 10/16/03 for Transactions.

Ongoing maintenance

  1. Continually train your staff and new hires for HIPAA compliance.
  2. Maintain Privacy Practices and Transaction standards, in collaboration with the Nebraska DHHS.
  3. Report privacy violations and complaint for non-compliance to the NE-DHHS and the U.S. Secretary of Health and Human Services.
  4. Be ready for HIPAA auditor's visit -- have policy, forms, and medical records safeguards systems ready for inspection.