HIPAA Business Associate Agreement
What Is a HIPAA Business Associate Agreement?
A BAA, short for HIPAA Business Associate Agreement, extends medical privacy standards to health care partners not directly subject to HIPAA. HIPAA defines the handlers of personally identifying client information, such as billing services and online data backup services, as Business Associates. The law requires entities to obtain satisfactory assurances that associates will safeguard data. That “satisfactory assurance” is the base of the BAA, which must be signed by clearing houses/claim processors.
HIPAA covers entities/organizations: health care providers in the US who meet certain criteria. They are responsible for protecting client confidentiality. All entities must make sure the people hired to handle information are living up to the same rules. To get that assurance, a HIPAA Business Associate Agreement is used. These are vital measures to act on; in their absence, or with careless application, penalties and fines will follow swiftly.
HIPAA defines those hired to handle personally identifying client information — e.g. billing services, online data backup services, etc. — as “Business Associates.” The law states that we can work with such services if we “…obtain satisfactory assurances that the business associate will appropriately safeguard.” That “satisfactory assurance” is at the heart of the contract, known as a HIPAA Business Associate Agreement, or “BAA” for short.
A HIPAA Business Associate Agreement is a promise from the Business Associate to safeguard data in the same ways you, as a covered entity, are required to do. Another important requirement is the assurance that the Associate will track “security incidents” and provide audit trails, as necessary, to show the movement and details of patient data. The need for audit trails is a lesser-known aspect of the HIPAA Security Rule and is overlooked due to the assumption that encryption is sufficient; in reality, more is necessary.
If you would like more information regarding HIPAA Business Associate Agreements, contact us today to discuss your requirements.