BUSINESS ASSOCIATE AGREEMENT MATTERS
Businesses covered by the Health Insurance Portability and Accountability Act (HIPAA), such as healthcare providers, health plans, health clearinghouses, and legal offices that handle medical-related cases, are required to adhere to the HIPAA Privacy Rule.
Today, cyber dangers and patient privacy concerns continue to evolve. Detailed contracts with business partners have become vital to compliance and security, yet both small and large businesses frequently overlook them.
1. What is a Business Associate?
A Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
2. Who is required to establish a Business Associate Agreement?
The HIPAA Privacy Rule requires individuals or organizations, such as consultants who perform hospital utilization assessments or attorneys who provide legal counsel to their clients, to establish a Business Associate Agreement (BAA) with any of their partners and vendors to meet specific requirements with respect to the use and disclosure of protected health information (PHI).
Direct liability of Business Associates under the Health Information Technology for Economic and Clinical Health (HITECH) Act includes:
Failure to enter into business associate agreements with subcontractors that create or receive PHI on their behalf, and failure to comply with the implementation specifications for such agreements.
3. Why is a BAA very important when handling Protected Health Information?
Organizations are held accountable for any data breaches resulting from their vendor’s conduct if they don't sign a BAA with them. A vendor is in charge of protecting your PHI after they agree to the BAA. When it comes to HIPAA and business associate agreements, both parties are held accountable for oversight of the PHI; failing to do so would have a systemic negative impact on their entire system. A properly executed BAA can protect both parties in the event of a breach.
4. What are the penalties for not securing a HIPAA-Compliant BAA?
Penalties for HIPAA violations can vary from $100 to $50,000 for individual violations, with a maximum fine of $1.5 million per calendar year for infractions, depending on the perceived amount of carelessness. Additionally, those who commit infractions risk spending time in jail. An example of a HIPAA violation is the failure to sign a HIPAA-Compliant Business Associate Agreement.
Securing a Business Associate Agreement is part of the Shield Data Network onboarding process. We would gladly review and complete our client's own BAA document, or we can provide ours if needed. This may be an added step, but doing so can protect our clients from future headaches.