Purpose Of Business Associate Agreement

But let's be honest… It is difficult, if not impossible, to run a business without the help of third parties. Hiring outside help when you need extra hands or have specialized needs often makes business sense.

The contract should provide that the business associate (BA) or subcontractor must implement appropriate administrative, technical and physical safeguards to ensure the confidentiality, integrity and availability of ePHI and to meet the requirements of the HIPAA Security Rule. Some of these measures may be specified in the BAA or left to the BA's discretion. The BAA should also set out the permitted uses and disclosures of PHI to meet the requirements of the HIPAA Privacy Rule.

If people who are not authorized to access PHI gain access to it, for example through an internal breach or a cyberattack, the business associate is required to inform the covered entity of the breach and may be required to send notifications to the individuals whose PHI has been compromised. The timing and reporting responsibilities should be detailed in the agreement. For many covered entities, it is not always clear who is subject to a HIPAA business associate agreement.

The Department of Health and Human Services defines a business associate as "a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered entity or that provides services to a covered entity." Business associate agreements are not optional! HIPAA requires you to sign the BAA with your business associate before sharing PHI with them. This will help you avoid a data breach, as well as penalties for not having a BAA in place.

Encryption of all ePHI stored or transferred by a business associate is an important protection, but encryption alone is not enough to ensure HIPAA compliance. Physical safeguards must also be put in place to ensure that unauthorized persons cannot access ePHI, administrative safeguards must be implemented, and written policies and procedures must be developed and maintained.

From award-winning HIPAA training to contracts and agreements, we can meet your requirements so that your business is protected. If you know that one of your business associates has materially violated a BAA, HIPAA rules require you to correct the violation or terminate the BAA. Otherwise, you could be on the hook for the business associate's non-compliance.