Visitor business associates

Difference Between HIPAA Business Associates and Visitors

Difference Between HIPAA Business Associates and Visitors


by Jim Moore        11/30/2020

Visitor business associates

Your Privacy Officer should be noting visitors to your office and ensuring that Visitor Privacy Policies are signed and retained. Business Associate Agreements are not the same thing as Visitor Privacy Policies, although many offices seem to use them interchangeably. 

By reading this blog post, you will learn the difference between visitors and business associates. You will also learn more information about Business Associate Agreements and Visitor Privacy Policies.

What is a visitor?

A visitor is someone who has incidental access to patient information. For example, a technician repairing a chair may see protected health information (PHI) left on a workstation display or might have access to a chart left on a desktop.

What is a Business Associate?

A Business Associate, on the other hand, can have carte blanche (complete freedom) access to patient data. While many offices believe they have no Business Associates, this is seldom the case. Almost every IT provider is a Business Associate, as are most dental office software providers. Dental labs, despite their frequent protests to the contrary, are usually Business Associates, unless they are owned by a healthcare practitioner. 

Cleaning services that have access to your office after hours may be considered Business Associates as well, especially if your practice still uses paper charts. If your landlord can enter your office whenever he or she wishes, the landlord may be a Business Associate as well.

Business Associate Agreements

HIPAA requires a Business Associate Agreement if your practice works with business associates. Have a Business Associate Agreement ready for each Business Associate to sign. Check out our blog post if you have further questions about Business Associate Agreements

Visitor Privacy Policies (VPPs)

HIPAA also requires a Visitor Privacy Policy if your practice works with visitors. If the visitor will have access to PHI, make sure you have them sign the Visitor Privacy Policy. Similarly to BAAs, if a visitor signs your Visitor Privacy Policy, and they violate HIPAA using your PHI, the Visitor Privacy Policy can indemnify your practice. 

Here are topics to include in your Visitor Privacy Policy:

  • Security responsibility
  • Verification of identity 
  • Safeguards
  • Business associates
  • Cooperation with regulatory agencies
  • Investigation and enforcement
  • Receipt and acknowledgment

Do you need help creating your documents?

If you need help with providing the correct HIPAA documentation to your Business Associates or visitors, check out Smart Training’s Dental Platinum+, Dental Essentials, and Complete Medical Compliance packages. These packages provide you with all the HIPAA documents you need. We customize these documents for your practice. If you need help, request a free demonstration with a Compliance Adviser.

Smart Training
820 W Spring Creek Pkwy, Ste 400-R Plano, Tx 75023