Have you ever been asked to sign a HIPAA Business Associate agreement?
To the uninitiated, the process of bringing your business into HIPAA compliance can seem a little daunting. HIPAA Business Associate (BA) agreements can be long and convoluted affairs that no one wants to read. To anyone outside of an attorney's office the document
It's also worth noting that HIPAA BA agreements affect not only healthcare providers and insurers, but also every business that has access to medical information as a result of providing good and services to such entities.
Moreover, the legal and regulatory consequences of violating HIPAA BA rules (even unknowingly) can be crippling, even if said violation is purely accidental.
Therefore, it is important for any organization that deals with HIPAA compliance to have an understanding Business Associate agreements in order to save themselves from future costly compliance issues.
So, What is a HIPAA Business Associate Agreement?
First and foremost, when referencing a "Business Associate", this is anyone who performs certain functions or activities that involve the use or disclosure of personal health information. This can include accountants, consultants, pharmacies, payers (i.e., health insurance providers), laboratories, e-health record software vendors, RHIOs (Regional Health Information Organizations) and HIEs (Health Information Exchanges).
Under the U.S. Health Insurance Portability and Accountability act, a HIPPA BA is a contract between a company and those associates who have some level of access to Protected Health Information (PHI) that protects the information in accordance with HIPAA guidelines. It states what exactly the information will be used for and that it will be safeguarded against misuse. A HIPPA compliant BA should explicitly spell out how a company will respond to a data breach, including those that are caused by a business associate's subcontractors.
For more detailed information, visit U.S. Department of Health & Human Services' website detailing Business Associate Contracts.