C Healthcare Business Consultants, Inc.

Specialists in the Business of Hospital Based Medicine


Home Specialties About HBC Contact HBC Privacy Policy

HIPAA Privacy Policy

Healthcare Business Consultant's HIPAA Business Associate Privacy Policy Effective Date: 01/01/2014


Who We Are: Healthcare Business Consultants, Inc. provides practice management solutions to hospital-based physician practices. All references to "we", "us", this "website" or this "site" shall be construed to mean Healthcare Business Consultants, Inc.


What We Do: We provide services to Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as amended, including without limitation amendments by the Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively referred to herein as “HIPAA/HITECH”). In the process of providing our services, we may receive, review, maintain and/or transmit information defined by HIPAA/HITECH as Protected Heath Information (PHI) and/or Electronic Protected Health Information (ePHI) from our Covered Entity customers (PHI and ePHI are collectively referred to herein as “PHI”).


Business Associate Agreement: A Business Associate Agreement is a formal written contract between us and a Covered Entity that obligates us to satisfy certain specific obligations regarding PHI of a Covered Entity that we may receive, review, maintain and/or transmit in connection with our services.


Purpose: This Privacy Policy provides information regarding how we use, disclose, and protect PHI in accordance with HIPAA/HITECH and the Business Associate Agreements with our Covered Entity customers.


Use and Disclosure of PHI:

  1. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of performing our obligations under our services agreements to Covered Entities, provided that such use or disclosure is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA/HITECH, including its Privacy Rule or Security Rule as applicable to Business Associates.
  2. We may use PHI internally for our own internal management, administration, data aggregation and legal obligations, but only to the extent such use of PHI is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA/HITECH, including its Privacy Rule or Security Rule as applicable to Business Associates.
  3. We may disclose PHI for law enforcement purposes as required by law or in response to a valid subpoena.
  4. We may disclose PHI to downstream subcontractors or agents that provide supporting services to us; however, we will require such subcontractors and agents to comply with the same terms and conditions that apply to us under the applicable Business Associate Agreement and PHI, including the implementation and maintenance of required safeguards.


Safeguards: We have established and maintain safeguards that are required by the applicable Business Associate Agreement and HIPAA/HITECH, including its Privacy Rule and Security Rule as applicable to


Business Associates: These safeguards include administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the PHI that we receive, review, maintain and/or transmit on behalf of our Covered Entity customers.


How to Contact Us: If you have any questions regarding this Privacy Policy, please contact our Compliance Officer at:


Healthcare Business Consultants, Inc.

Attention: Compliance Officer

1200 Harger Road – Suite 408

Oak Brook, IL 60523-1956

Telephone: (630) 472-8800

Fax: (630) 645-4646