A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. Business associates can be vendors or subcontractors who have access to PHI. Examples of business associate functions and activities include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing. Business associate services include legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, and financial services. Examples of business associates include IT consultants, answering services, collections agencies, e-prescribing services, medical device makers, billing or coding companies, law offices, medical transcriptionists, and practice management services. It is important to note that the HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information.