Business Associate Agreements
What are they, and why do I need them?
In short, a Business Associate Agreement (BAA) establishes that trusted third parties you work with abide by data protection and HIPAA Privacy Rules. These agreements should be documented with any entity that uses or has access to your data at any time. These types of partners include, but are not limited to, your CPA, hardware/software providers, and patient reminder vendors. A BAA ensures the third party works to handle your data safely, and protects you in the event they fail to keep your data secure. Your practice is undeniably at risk without these agreements in place, as you will likely assume liability for any breaches or mistakes that occur under their watch.
Do you have Business Associate Agreements to obtain? Don’t stress. These agreements should be simple to request from your partners. A great partner will provide these to you automatically, as it demonstrates they understand the importance of your practice's security. We are proud to supply all of our partners with a BAA as soon as our relationship begins. If a vendor does not know what a BAA is, consider it a red flag!
For more information, consult HHS.gov and review their extensive content regarding BAA expectations and exceptions. Of course, we are happy to help answer any questions and point you in the right direction!