Muhammad Sair Khan
USE A BUSINESS ASSOCIATE AGREEMENT FOR HIPAA COMPLIANCE
Why Use a Business Associate Agreement?
Because healthcare providers frequently outside vendors and subcontractors, it is important to maintain a network of trustworthy partners who value the protection of patient data.
All medical practitioners should use a business associate agreement with any contractor who has access to, or transmits patient data. Without one, there is risk for violating HIPAA privacy laws with can lead to to costly fines. It is the physician's responsibility to be proactive in creating a plan to ensure HIPAA compliance. This begins with understanding who qualifies as a business associate and how that business partner using the patient’s data.
Who is a Business Associate?
According to the Department of Health and Human Services, a business associate is a person or entity that has access to protected health information (PHI) when acting on behalf of or providing services to a covered entity. The most common examples are contractors who gather patient data, perform utilization reviews, submit claims, or handle accounting. If a contractor has any contact with protected health information, an agreement must be in place.
To determine whether a vendor you work with qualifies as a business associate, consider the following:
• Do they act on my behalf?
• Are they a member of my workforce?
• Do they receive, transmit or maintain protected health information?
Guidelines around business associates are not as black and white. Services such as data hosting and even paper shredding qualify for a business associate agreement. IT contractors and software developers are also candidates.
Protecting patients’ privacy requires ongoing monitoring by healthcare providers. You can access questionnaires for self-assessment and should perform them on a regular basis. By establishing policies and procedures around PHI, you will protect yourself from disclosure liability and costly penalties.
If you would like help determining whether your practice is following HIPAA guidelines, request a complimentary consultation with Kris, the founder of our Datapro Billing team!