A complete set of 3 agreements applicable to any organization that handles PHI in any form.
More and more healthcare organizations are landing in hot water due to non-compliant Business Associate Agreements (BAAs), which are a critical, but sometimes misunderstood, part of HIPAA. Many organizations still have serious questions and doubts about the specific actions of their business associates (BAs) that might expose them to grave risks.
HIPAA rules require covered entities to contract with every business associate and subcontractor to ensure that the BAs adopt the necessary safeguards to protect PHI in any form. These contracts serve to explain and limit, as appropriate, the permissible uses and disclosures of PHI by the business associates.
Define Clearly Your BA’s Responsibility and Liability
Clearly spelling out in the BAA the policies and procedures, and what the BA's responsibility (possibly even liability) would be in case of a breach, would go a long way to protect your setup in such an event. The BAA should define the procedure for notification and the necessary steps that need to be taken as damage control.
Need help with framing your business associate agreement? The HIPAA Institute Business Associate Agreement toolkit provides a simple solution to this problem.
Business Associate Agreement Toolkit — Product Description
This toolkit consists of 3 agreements that are required for covered entities as well as business associates to be HIPAA compliant.
1. Business Associate Agreement
2. Subcontractor Business Associate Agreement
3. Vendor Non Disclosure Agreement
Your business associates should be directly liable for ensuring the safety of protected health information, and it is your responsibility to sign a contract with your BAs before any kind of PHI transfer. Failing to do so, or using old business associate agreements, could put your organization in jeopardy.