HIPAA: Back to the Basics with the BAA, Physician Practice, 2021.08.12

Source PDF: https://community.poetllc.org/wp-content/uploads/2021/08/HIPAA-Back-to-basics-with-the-BAA-2021.08.12.pdf

HIPAA: Back to Basics with the BAA

With cybersecurity and criminal government actions involving protected health information (PHI), now is a good time to understand the importance of the required Business Associate Agreement (BAA).

Definition: a “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A “business associate” is also a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate. (emphasis added)

Business associates encompass a wide range of persons, including, but not limited to: accountants, attorneys, private equity firms, technology companies, app developers, independent contractors, medical device companies, and pharmaceutical companies. Bottom line—if you or your company “creates, receives, maintains, or transmits” protected health information in electronic form, a BAA is required. This is not new—the requirement existed long before the HIPAA Final Omnibus Rule was published in the Federal Register on January 25, 2013.

HIPAA compliance is not optional and, depending on the facts and circumstances, non-compliance may lead to significant civil and/or criminal liability.

HIPAA, like the Federal Anti-Kickback Statute (AKS), carries criminal penalties in addition to the civil penalties available to HHS. As HHS states on its website, the DOJ is responsible for criminal prosecutions.

Business Associate Agreement