Business Associate Agreement

Information about Business Associate Agreement

What Is a HIPAA Business Associate Agreement?

BAA means Business Associate Agreement. HIPAA defines those hired to handle personally-identifying client information: billing services, online data backup services, as “Business Associates.” The law requires entities to obtain satisfactory assurances that the business associate will safeguard. That “satisfactory assurance,” sets the foundation for a contract, in the form of a Business Associate Agreement, which must be signed between hospitals and other entities, and those they hire as clearing houses/claim processors.

HIPAA covers entities/organizations: health care providers in the US who meet certain criteria. They are responsible for protecting client confidentiality. All entities must make sure the people hired to handle information are living up to the same rules. To get that assurance, a Business Associate Agreement is used. These are vital measures to be put in place; in their absence, or careless application, penalties and fines will follow swiftly.

HIPAA defines those people hired to handle personally-identifying client information — e.g. billing services, online data backup services, etc. — as “Business Associates.” The law states that we can work with such services if we “…obtain satisfactory assurances that the business associate will appropriately safeguard. That “satisfactory assurance,” is at the heart of the contract, known as a Business Associate Agreement, a “BAA” for short.

A Business Associate Agreement is a promise from the Business Associate, to safeguard data in the same ways you, as a covered entity, are required to do. Another important injunction is the assurance that the Associate will track “security incidents,” and provide audit trails, as necessary, to show movement and details of your data. The need for audit trails is a lesser-known aspect of the HIPAA Security Rule, and is overlooked due to the assumption that encryption is sufficient; but, in reality, more is necessary.

If you would like more information regarding Business Associate Agreement and HIPAA, contact us today to discuss your requirements.

Complementary Services
Vulnerability Assessment
IT Risk Assessment
Social Engineering Testing and Training