HIPAA
Business Associate
A vendor that handles PHI on behalf of a covered entity and is directly liable under HIPAA.
A business associate is a person or company that creates, receives, maintains, or transmits PHI on behalf of a covered entity. Examples include hosting providers, billing companies, healthcare SaaS vendors, and marketing agencies handling patient data.
Since the 2013 Omnibus Rule, business associates are directly liable for HIPAA violations, not just contractually liable to the client, and must sign a business associate agreement (BAA). See how HIPAA affects marketing agencies.