Why Your Practice Needs a BAA

with Gregory Ewing, JD, MPH, CISSP of Star Compliance Services*

Since 2008, roughly twenty percent of all reported incidents or 311 breaches impacting 26.6 million individuals involved business associates.

Keeping patients information safe and secure is not only necessary to maintain their privacy, but to protect your practice as well.  With so much confusion surrounding cybersecurity today, how do you ensure that you are doing everything necessary to protect your practice?

What is a BAA?

A healthcare provider may allow a business associate to create, receive, maintain, or transmit its electronic protected health information [ePHI] if the health care provider obtains written assurances that the business associate will appropriately safeguard the information.  A business associate agreement [BAA] is a vehicle to obtain these assurances.

Is a BAA required?

Under HIPAA, a person or organization that assists or performs a function or activity involving the use or disclosure of protected health information [PHI] is called a business associate.  If a health care provider wants to disclose PHI to a business associate to create receive, maintain, or transmit PHI on its behalf, then it must obtain satisfactory assurances that the business associate will appropriately safeguard the information.  This requirement does not apply when a person is acting as members of the workforce of the same health care provider or of another business associate.

Do I need a BAA? What does this mean for my practice?

Does your practice share its patient information with some of its vendors?  Is it possible that individuals outside of your practice may come into contact with protected information about your patients?  If so, it is required that you have a business associate agreement with those vendors.

If you are unsure if you need a BAA, we can help you understand your situation.

Where can I get a BAA?

We are offering an exclusive, limited opportunity to receive a customized business associate agreement template for your practice.  This template can be used with all vendors/outside contractors your practice engages with.  

To receive a customized business associate agreement template for your practice:

*Star Compliance Services is a compliance training and services company that provides simple training and materials that virtually anyone can understand and apply. 

Sara Simon

Asbury Park, NJ

Sara Simon is an Integrative Health Coach and a freelance blogger with a passion for collaboration between health and wellness professionals.  She is currently working to expand her own practice and help others find creative new ways to expand theirs.