HIPAA Business Associate Agreement

Information about HIPAA Business Associate Agreement

What Is a HIPAA Business Associate Agreement?

A BAA, short for HIPAA Business Associate Agreement, extends medical privacy standards to health care partners not directly subject to HIPAA. HIPAA defines the handlers of personally identifying client information (billing services, online data backup services) as Business Associates. The law requires entities to obtain satisfactory assurances that associates will safeguard data. That “satisfactory assurance” is the basis of the BAA, which must be signed by clearing houses/claim processors.

HIPAA covers entities/organizations: health care providers in the US who meet certain criteria. They are responsible for protecting client confidentiality. All entities must make sure the people hired to handle information are living up to the same rules. To get that assurance, a HIPAA Business Associate Agreement is used. These are vital measures to act on; in their absence, or with careless application, penalties and fines will follow swiftly.

HIPAA defines those hired to handle personally identifying client information — e.g. billing services, online data backup services, etc. — as “Business Associates.” The law states that we can work with such services if we “…obtain satisfactory assurances that the business associate will appropriately safeguard.” That “satisfactory assurance” is at the heart of the contract, known as a HIPAA Business Associate Agreement; “BAA” for short.

A HIPAA Business Associate Agreement is a promise from the Business Associate to safeguard data in the same ways you, as a covered entity, are required to do. Another important provision is the assurance that the Associate will track “security incidents” and provide audit trails, as necessary, to show movement and details of patient data. The need for audit trails is a lesser-known aspect of the HIPAA Security Rule, and is overlooked due to the assumption that encryption is sufficient; in reality, more is necessary.
