by AJ Riviezzo
One of the more common areas of non-compliance in small practices is the lack of a completed Business Associate Agreement (BAA). This is a relatively easy element to accomplish, and it can help ensure HIPAA compliance of your non-employee relationships.
A ‘business associate’ is someone who does work for you without being a direct employee. This includes any contractors, sub-contractors or other entities that may create, receive, maintain, have access to or transmit protected health information, either directly or indirectly. Good examples of this type of entity are your billing company, your IT professional if they work in your EHR or practice management system, and possibly even your marketing agent or company should they review information that contains the first and last name of the patient. In short, anyone associated with your practice who may see patient health information should have a signed BAA on file.
The document is essentially a contract between your practice and the business associate that outlines that the associate will ensure appropriate safeguards in protecting the health information. The agreement should further note the permitted and required uses/disclosures of any health information.
While this is yet another hoop to jump through for the government, unlike most, this one is relatively easy to obtain and maintain. A copy or the original can reside in your HIPAA file, where you keep the HIPAA documents your employees have signed. Below please find links for two sample BAAs.
American Physician Financial Solutions, LLC | aj@apfsbilling.com | https://www.apfsbilling.com
1125 Kelly Johnson Blvd., Suite 300
Colorado Springs, CO 80920