Developers and HIPAA

What does "on behalf of a covered entity mean"

What triggers acting "on behalf of a covered entity", A, or B, or other?

A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it).

B. Getting hired by them.


We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth.

We think we are not a BA, but would like clarification.

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)


3 votes
3 up votes
0 down votes
Question No. 66