HIPAA Business Associate Agreement
What Is a HIPAA Business Associate Agreement?
A BAA, short for HIPAA Business Associate Agreement,
extends medical privacy standards to health care partners not directly
subject to HIPAA. HIPAA defines the handlers of personally-identifying
client information, such as billing services and online data backup services,
as Business Associates. The law requires entities to obtain satisfactory
assurances that associates will safeguard data. That “satisfactory
assurance” is the base of the BAA, which must be signed by
clearing houses/claim processors.
HIPAA covers entities/organizations: health care providers in the US who meet
certain criteria. They are responsible for protecting client confidentiality.
All entities must make sure the people hired to handle information are living
up to the same rules. To get that assurance, a HIPAA Business
Associate Agreement is used. These are vital measures to be acted on; in their
absence, or with careless application, penalties and fines will follow swiftly.
HIPAA defines those hired to handle personally-identifying
client information — e.g. billing services, online data backup services,
etc. — as “Business Associates.” The law states that we can work with
such services if we “…obtain satisfactory assurances that the business
associate will appropriately safeguard.” That “satisfactory assurance”
is at the heart of the contract, known as a HIPAA Business Associate
Agreement; “BAA” for short.
A HIPAA Business Associate Agreement is a promise from the Business Associate to safeguard data in the same ways you, as a covered entity, are
required to do. Another important injunction is the assurance that the
Associate will track “security incidents,” and provide audit trails, as
necessary, to show movement and details of patient data. The need for audit
trails is a lesser-known aspect of the HIPAA Security Rule, and is
overlooked due to the assumption that encryption is sufficient; but, in
reality, more is necessary.
If you would like more information regarding HIPAA Business Associate Agreements, contact
us today to discuss your requirements.