A Necessary Partnership: HIPAA Compliance and Business Associate Agreements

Published in Member Communities on May 21, 2019


Your organization is likely always thinking of better ways to protect patients’ private information throughout the course of business. To do this well, it’s important to establish a secure partnership with another organization in order to tighten security on patient data. If this seems like a foreign language to you and you don’t know where to start, we are here to help. Here’s everything you should know about this essential partnership.

What is a HIPAA Business Associate Agreement?

Let’s start with a brief definition of a business associate. A business associate is any organization or entity you do business with that handles your protected health information (PHI). Allowing them to handle and accept that information creates the potential for HIPAA violations. Business associates are often subcontractors that are hired to maintain or transmit PHI. They could be a large organization or even a lawyer.

A business associate agreement (BAA) is a binding legal document that holds both parties liable for any wrongful dissemination of patient data according to HIPAA. The agreement states that the business associate will protect the information or be liable for the information breach. The agreement should state the use of the data and explain the cybersecurity precautions that will be taken to protect the data should there be a breach. They should also agree not to knowingly share the data with anyone. If you want to know where you currently stand on issues of security, let us assess your organization’s risk and compliance.

Does my organization need this?

Before giving anyone outside of your organization access to patient data, it is imperative that you have a contract binding them to liability with a BAA. They will be held to the same standard as you when it comes to HIPAA regulations. Some examples of businesses you work with that should sign a BAA are: medical billing companies, shredders and technology providers.

According to the March 2019 Healthcare Data Breach Report from the HIPAA Journal Newsletter, there was roughly one healthcare data breach per day, which resulted in the private information of 912,992 individuals being exposed. It is in your organization’s best interest to have a BAA, as it creates a level of mutual liability and protection. When your partner knows that they will be held to HIPAA standards, they will be just as vigilant in protecting the data because of the level of accountability expected from them.

It’s important to cover all your bases to protect yourself and your patients with a competent partnership. Get Breach Protection now with VGM Technologies.

