A Necessary Partnership: HIPAA Compliance and Business Associate Agreements

Published in Member Communities on May 21, 2019

data image

Your organization is likely always thinking of better ways to protect patients’ private information throughout the course of business. In order to do this best, it’s important that you establish a secure partnership with another organization in order to tighten security on patient data. If this seems like a foreign language to you and you don’t know where to start, we are here to help. Here’s everything you should know about this essential partnership.

What is a HIPAA Business Associate Agreement?

Let’s start with a brief definition of a business associate. A business associate is any organization or entity that you do business with where they handle your protected health information (PHI). Because you allow them to handle and accept the information, it creates potential HIPAA violations. The business associates are often subcontractors that are hired to maintain or transmit PHI. They could be a large organization or even a lawyer.

A business associate agreement (BAA) is a binding, legal document that holds both parties liable to any wrongful dissemination of patient data according to HIPAA. The agreement states that the business associate will protect the information or be liable to the information breach. The agreement or document should state the use and explain the cybersecurity precautions that will be taken to protect the data should there be a breach.  They should also agree to not knowingly share the data with anyone. If you want to know where you currently stand on issues of security, let us assess your organization’s risk and compliance.

Does my organization need this?

Before giving anyone outside of your organization access to patient data, it is imperative that you have a contract binding them to liability with a BAA. They will be held to the same standard as you when it comes to HIPAA regulations. Some examples of businesses you work with that should sign a BAA are: medical billing companies, shredders and technology providers.

According to the March 2019 Healthcare Data Breach Report from the HIPAA Journal Newsletter, there was roughly one healthcare data breach per day, which resulted in the private information of 912,992 individuals being exposed. It is in your organization’s best interest to have a BAA, as it creates a level of mutual liability and protection. When your partner knows that they will be held to HIPAA standards, they will be just as vigilant to protecting the data due to the level of accountability expected from them.

It’s important to cover all your bases to protect yourself and your patients with a competent partnership. Get Breach Protection now with VGM Technologies.


comments powered by Disqus

From Our Experts

6 Ways to Make CPAP Repair Less Painful thumbnail 6 Ways to Make CPAP Repair Less Painful In this episode, we visit with Ronda Buhrmester, Sr. Director of Payer Relations & Reimbursement for VGM & Associates, and Dan Meyer, Chief Revenue Officer for Repair Authority, about providers' most pressing questions about CPAP repair and how Repair Authority has the solutions providers are looking for. Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing thumbnail Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing CGS Administrators recently sent out a news alert for Jurisdictions B and C. They aware of a claim payment issue in which some claims may have applied Medically Unlikely Edit (MUE) values incorrectly on the dates September 23, 2020 and September 24, 2020 only. Claims may have paid or denied in error as a result. CGS is correcting this issue and has indicated that it is a number 1 priority with them.  For more information, watch Ronda's vlog. HME - Past, Present & Future:  State of the Industry/Benchmarking Update thumbnail HME - Past, Present & Future: State of the Industry/Benchmarking Update I was honored to recently present at the 2020 HME News Business Summit, which was held Sept. 15-17, and, due to COVID-19, in a first-time “virtual” format. My session included a series of data, trends and analysis as to the state of the industry from 2010 to the present, and included financial and operational highlights from supplier submissions applicable to their 2019 results. Here is a summary of the presentation. Helping Your Employees Rebuild and Find Happiness thumbnail Helping Your Employees Rebuild and Find Happiness Every employee has a different set of circumstances coming at them, especially so far in 2020. While taking care of our employees, we still have businesses to run. To be successful, the best leaders will start with their employees. How do you help your employees to rebuild themselves and also find happiness? DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment thumbnail DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment VGM & Associates always enjoys highlighting our members who are a shining example of excellence in DME. The current business environment can be difficult to navigate and generating revenue can sometimes be a challenge. However, Michael Tracey shares with us how he helped lead Aspirus At Home Medical Equipment to success and provides tips for how Aspirus generates revenue. 10 Ways to Keep Your Employees Engaged During a Pandemic thumbnail 10 Ways to Keep Your Employees Engaged During a Pandemic In this episode, we sit down with Arienne Martinez, director of training and development for HOMELINK, a division of the VGM Group. Arienne chats with us about her recent article that was featured in the latest VGM playbook, “Protecting Your Most Important Asset: Your People,” about keeping your employees engaged during the pandemic, especially with much of the workforce working remote. Medtrade 2020 in Atlanta Now a Virtual Conference thumbnail Medtrade 2020 in Atlanta Now a Virtual Conference Medtrade 2020 in Atlanta recently announced that their in-person event has been canceled. They will be hosting a virtual conference in its place, November 4-5, 2020. Post-Pandemic: The Rise of Post-Acute Care, Key Panel Takeaways thumbnail Post-Pandemic: The Rise of Post-Acute Care, Key Panel Takeaways Clint Geffert recently moderated a panel for the HME News Business Summit with the industry's largest players that discussed the role HME providers played in keeping patients with milder cases of COVID-19 in their homes and acting as the pressure-release valve for overwhelmed hospitals. The panelists did such a nice job answering these questions (and more), Clint shares the key points that he took away from the session.