What are business associates?

Business associates are defined as persons or entities that are not members of Blue Cross Blue Shield of Michigan (BCBSM) or Blue Care Network (BCN) workforce and perform functions or services on our behalf that involve use or disclosure of PHI. The HIPAA Privacy rule requires that business associates of a covered entity also safeguard PHI.

As a BCBSM independent agent we value your support of our commitment to protect our members' personal information. This section of the web is designed to outline how this obligation may affect the services you provide your clients. If you have specific questions regarding information contained on this site or in your Business Associate Agreement, please contact Agent Sales.

Modifying business practices

As a result of HIPAA privacy, BCBSM and BCN have had to modify some business practices such as how to verify the identity of any persons requesting PHI and how to handle members' requests for an accounting of certain disclosures involving PHI.

BCBSM and BCN have also implemented these reporting guidelines.

  • Agents selling and servicing BCBSM and BCN groups are also considered business associates. Section 29 of the Agent Agreement describes obligations under HIPAA in the areas of: use and disclosure; safeguard of information; reporting; access to information; accounting of disclosures; and agreements by third parties, etc., to ensure that individually identifiable health information be used appropriately and in accordance with privacy regulations.

If an agent has not signed the amendment, HIPAA privacy regulations prohibit our disclosure of any PHI for use in servicing your Blues clients regardless of your agent of record status. 

  • Self-funded customers, whose data reporting requirements include PHI, must sign their Administrative Services Contract and Business Associate Agreement, and also initial the plan sponsor certification on page 8 of the Business Associate agreement. If page 8 is not initialed, HIPAA regulations prohibit us from mailing claims listings to your clients. 
  • If your client requests that you receive reports containing PHI, an ERS group must have provided BCBSM with the appropriate Plan Sponsor Certification. A Self-Funded group must have a signed Administrative Services Contract and a signed Business Associate Agreement with the Plan Sponsor Certification on page 8 initialed. In addition, both ERS and ASC groups must provide an authorization letter on business letterhead advising BCBSM that you are their business associate and which reports BCBSM is permitted to send you.

Information safeguards

We rely on you as our business associate to request from BCBSM and BCN only the minimum necessary PHI needed to respond to your client's request. This may include:

  • Claims Status Information 
  • Benefit and Eligibility Information 
  • Enrollment Information 

If your client has certified HIPAA privacy compliance and that certification is on file with BCBSM or BCN, PHI may be released to you on behalf of your client. Your BCBSM sales representative or managing agent can confirm if we have a record of such certification for your client.

Read more about HIPAA business associate agreements below or visit our frequently asked questions on business associates page.