A Necessary Partnership: HIPAA Compliance and Business Associate Agreements

Published in Member Communities on May 21, 2019

data image

Your organization is likely always thinking of better ways to protect patients’ private information throughout the course of business. In order to do this best, it’s important that you establish a secure partnership with another organization in order to tighten security on patient data. If this seems like a foreign language to you and you don’t know where to start, we are here to help. Here’s everything you should know about this essential partnership.

What is a HIPAA Business Associate Agreement?

Let’s start with a brief definition of a business associate. A business associate is any organization or entity that you do business with where they handle your protected health information (PHI). Because you allow them to handle and accept the information, it creates potential HIPAA violations. The business associates are often subcontractors that are hired to maintain or transmit PHI. They could be a large organization or even a lawyer.

A business associate agreement (BAA) is a binding, legal document that holds both parties liable to any wrongful dissemination of patient data according to HIPAA. The agreement states that the business associate will protect the information or be liable to the information breach. The agreement or document should state the use and explain the cybersecurity precautions that will be taken to protect the data should there be a breach.  They should also agree to not knowingly share the data with anyone. If you want to know where you currently stand on issues of security, let us assess your organization’s risk and compliance.

Does my organization need this?

Before giving anyone outside of your organization access to patient data, it is imperative that you have a contract binding them to liability with a BAA. They will be held to the same standard as you when it comes to HIPAA regulations. Some examples of businesses you work with that should sign a BAA are: medical billing companies, shredders and technology providers.

According to the March 2019 Healthcare Data Breach Report from the HIPAA Journal Newsletter, there was roughly one healthcare data breach per day, which resulted in the private information of 912,992 individuals being exposed. It is in your organization’s best interest to have a BAA, as it creates a level of mutual liability and protection. When your partner knows that they will be held to HIPAA standards, they will be just as vigilant to protecting the data due to the level of accountability expected from them.

It’s important to cover all your bases to protect yourself and your patients with a competent partnership. Get Breach Protection now with VGM Technologies.


comments powered by Disqus

From Our Experts

AOPA from the Perspective of a First-Time Attendee thumbnail AOPA from the Perspective of a First-Time Attendee The AOPA National Assembly was held September 9-11, 2021 and even though COVID-19 is still a concern, show organizers were able to host a successful and safe event for the O&P profession. OPGA was excited to be back in person at the event. Embracing the Rise of Patient Centricity thumbnail Embracing the Rise of Patient Centricity Breaking news: Your patients are changing. You may notice their behaviors are becoming much more consumer-like. And with this, they are looking for healthcare experiences that match suit with their consumer experiences. Nupura Kolwalkar, Chief Product Officer from Brightree, discusses how to better provide patient-centric care. Final Analysis: COVID-19 Government Stimulus Packages thumbnail Final Analysis: COVID-19 Government Stimulus Packages Healthcare providers were presented with several economic stimulus programs to relieve some of the burdens brought on by the COVID-19 public health emergency (PHE). Mark Higley and Craig Douglas provide a synopsis of the programs as of September 2021. Seat Elevation Congressional Sign-On Letter Sent to CMS thumbnail Seat Elevation Congressional Sign-On Letter Sent to CMS Early in October, we asked for your assistance to call your representatives and ask them to sign on to the CRT Congressional letter to CMS. The letter was sent to CMS with 77 signatures on October 6, 2021. Minding the Customer Experience: In-Person, Online, and With Shipping thumbnail Minding the Customer Experience: In-Person, Online, and With Shipping Rob Baumhover discusses how to build repeat customers through customer service and customer experience. HME Woman of the Year Nominations Now Open thumbnail HME Woman of the Year Nominations Now Open Nominations for the 2021 HME Woman of the Year Award are being accepted through Oct. 22. HME Woman of the Year Nominations Now Open thumbnail HME Woman of the Year Nominations Now Open Nominations for the 2021 HME Woman of the Year Award are being accepted through Oct. 22. VGM & Associates Releases Sales and Marketing-Focused Playbook thumbnail VGM & Associates Releases Sales and Marketing-Focused Playbook VGM & Associates has released the fourth installment of their 2021 quarterly playbook series, “VGM Playbook: Optimizing Sales and Marketing in the DMEPOS Space.”