Using a Business Associate Agreement Under HIPAA
What happens when a Covered Entity enters into an agreement to share patient data with another organization? Entering into a Business Associate Agreement, also known as a BAA, is another situation that falls under the HIPAA Privacy Rule. This chapter takes a look at what takes place when involved with these agreements.
What is a Business Associate?
When a covered entity does business with another organization, they have officially entered into a Business Associate Agreement according to HIPAA. This means that the other company is also directly liable for compliance with HIPAA's Privacy and Security requirements. Technically, covered entities are required to inform their business associates when they enter into a Business Associate Agreement.
According to HIPAA, a covered entity and another organization have formally entered into a business associate agreement when they conduct business together. As a result, the other business is also directly responsible for adhering to HIPAA's privacy and security regulations.
All business associate employees and subcontractors should receive HIPAA compliance training. However, covered entities are ultimately responsible for keeping their client’s PHI secure. It’s important to keep track of ways that client PHI could be compromised and how to respond and manage such a situation.
In short, any organization that works with a healthcare provider and comes into contact with PHI is considered a business associate. When it comes to subcontractors, the business associates need to obtain satisfactory assurances to assure safeguards are in place.
Basically, what it comes down to is you must ensure you use appropriate safeguards to protect access, use, or disclosure of protected health information. However, anything that is permitted by the BAA is just fine.
Examples Of Business Associates
Due to the wide scope of the healthcare industry, a business associate can come in many forms. Read the list to see some examples of potential business associates.
Here are some myths to look out for:
- -
A CPA firm that handles accounting for a covered entity
- -
An attorney's office that handles legal matters for a healthcare provider
- -
A web hosting service for a doctor's office
- -
A customer service call center for a hospital
- -
A marketing firm for a dentist's private practice
- -
An organization that shreds documents for a health insurance company
Increase HIPAA Knowledge with Business Associate Training
HIPAA training for business associates is a critical component of compliance with HIPAA regulations. EasyLlama’s training helps business associates understand the rules and regulations of the HIPAA Privacy and Security Rules and how to protect the privacy and security of protected health information (PHI). The training also helps business associates understand their responsibilities for ensuring compliance with HIPAA. EasyLlama offers multiple HIPAA courses for distinct audiences, including covered entities, business associates, as well as unique courses that address the state-specific HIPAA legislation in Texas and Florida.
Helping over 8,000+ organizations create a safer, more inclusive company culture.
EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers:
Get more from EasyLlama
