A Necessary Partnership: HIPAA Compliance and Business Associate Agreements

Published in Member Communities on May 21, 2019

data image

Your organization is likely always thinking of better ways to protect patients’ private information throughout the course of business. In order to do this best, it’s important that you establish a secure partnership with another organization in order to tighten security on patient data. If this seems like a foreign language to you and you don’t know where to start, we are here to help. Here’s everything you should know about this essential partnership.

What is a HIPAA Business Associate Agreement?

Let’s start with a brief definition of a business associate. A business associate is any organization or entity that you do business with where they handle your protected health information (PHI). Because you allow them to handle and accept the information, it creates potential HIPAA violations. The business associates are often subcontractors that are hired to maintain or transmit PHI. They could be a large organization or even a lawyer.

A business associate agreement (BAA) is a binding, legal document that holds both parties liable to any wrongful dissemination of patient data according to HIPAA. The agreement states that the business associate will protect the information or be liable to the information breach. The agreement or document should state the use and explain the cybersecurity precautions that will be taken to protect the data should there be a breach.  They should also agree to not knowingly share the data with anyone. If you want to know where you currently stand on issues of security, let us assess your organization’s risk and compliance.

Does my organization need this?

Before giving anyone outside of your organization access to patient data, it is imperative that you have a contract binding them to liability with a BAA. They will be held to the same standard as you when it comes to HIPAA regulations. Some examples of businesses you work with that should sign a BAA are: medical billing companies, shredders and technology providers.

According to the March 2019 Healthcare Data Breach Report from the HIPAA Journal Newsletter, there was roughly one healthcare data breach per day, which resulted in the private information of 912,992 individuals being exposed. It is in your organization’s best interest to have a BAA, as it creates a level of mutual liability and protection. When your partner knows that they will be held to HIPAA standards, they will be just as vigilant to protecting the data due to the level of accountability expected from them.

It’s important to cover all your bases to protect yourself and your patients with a competent partnership. Get Breach Protection now with VGM Technologies.


comments powered by Disqus

From Our Experts

Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN thumbnail Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN A major part of business development is understanding your payer mix and which products and services should be reimbursable versus cash sale items. What could you bundle together in your offering to expand business—specifically items that can be sold for retail alongside your reimbursable items? You might not necessarily offer everything right now, but these are the areas you can look to expand into. This resource outlines how to navigate reimbursement to help grow your business. U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience thumbnail U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience Complex rehab providers attending VGM's 20th Heartland Conference will have the opportunity to increase their expertise in repairing and programming complex rehab wheelchairs as part of U.S. Rehab's Tech Training. VGM & Associates Releases Customer-Centric Playbook thumbnail VGM & Associates Releases Customer-Centric Playbook VGM & Associates has released the third installment of their 2021 quarterly playbook series, which contains insight and best practices for making your business customer-centric. Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow thumbnail Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow Get great advice and more during the Heartland Conference Panel: Procurement, Inventory Management & Cash Flow moderated by Gerry Finazzo. During this session, attendees will learn how to identify ways to improve purchasing practices, mitigate inventory liability, identify ways to increase cash flow and lower activity costs. An Inside Look with Clint, Episode 8: VGM Government thumbnail An Inside Look with Clint, Episode 8: VGM Government President of VGM & Associates, Clint Geffert, sat down with John Gallagher, vice president of VGM Government, to discuss how VGM Government helps VGM members navigate the complexities of the legislative process and the importance of grassroots advocacy in the HME industry. Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC thumbnail Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC Vets First DME began at the intersection of preparation and opportunity, with a dash of circumstance. Read more about the amazing Hoover family as they combined the family's knowledge and experience to start Vets First DME, LLC. CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories thumbnail CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories CMS announced a 90-day extension of the suspension of the application of Medicare Competitive Bidding Program pricing to CRT manual wheelchair accessories. The current policy will stay in place through October 1 and there will not be any payment cuts or claims processing changes. Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! thumbnail Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! The HME supplier has always had challenges in getting paid timely and accurately for the items and services they provide to their customers. This is an assumed cost of doing business but the HME supplier still does this because of the reward of taking care of their customers. But nothing has challenged the supplier as much as when a customer has a Medicare Advantage Plan or an MCO.