As a covered entity under HIPAA, be sure to evaluate the necessity of a Business Associate’s Agreement. This a required contract under HIPAA that is between you, the provider, and any entity handling your patient’s protected health information (PHI) such as a billing or shredding service. The contract assures that the entity will appropriately safeguard PHI. Click here for an example of the consequences if you do not have such agreements in place.