Health Information Compliance Alert

Make Sure Your BAAs Are HIPAA-Compliant to Avoid Getting Burned

Published on Fri Jan 27, 2017

PDF

Unauthorized access and disclosure land many a practice in hot water annually. Oftentimes, this type of breach cannot be controlled by physicians and their certified staff, who diligently follow HIPAA to the letter. Despite these providers’ efforts to stay compliant, the errors can usually be traced to business associates, who either fail to acknowledge the rules or are unaware of them. Ensuring that your business associate agreements (BAAs) are enforced can help you avoid issues down the road.

Who’s to Blame?

“There is really no reason why a provider shouldn’t have BAAs in place in 2017,” says Michael D. Bossenbroek, Esq. of Wachler & Associates, P.C. in Royal Oak, Michigan. Though an occasional infraction might slip by now and then, setting up a firm BAA will likely help you dodge this common breach. The BAA helps enforce the principles of HIPAA, and partners who refuse to enter into this type of contract probably aren’t worth your time.

“Providers need to give careful thought to identifying their business associates and making sure that they have a HIPAA-compliant BAA in place with those business associates,” Bossenbroek says. “Providers aren’t necessarily responsible for the actions of their business associates, but a failure to execute a BAA is an easy way to get pulled into a business associate’s breach or failure to comply with HIPAA.”

Consider this. A strong BAA should be a top priority with clearly defined procedures and policies, guidance from the OCR and HHS suggest. Both federal agencies bring a myriad of tools to the table to help you address these types of issues. Here are a few of the materials they present to help you set up HIPAA-compliant BAAs:

Comprehensive risk analysis tool
Monthly OCR Cyber Awareness Newsletter
Outline and overview of the HIPAA Security Rule with printables and links
Safeguards and set up templates for your practice’s HIPAA program.

Resource: For a look at the HHS link, visit https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html.

Health Information Compliance Alert

Case Study:
GAO Report Suggests CEHRT May Hamper MACRA Success for Small Practices
Health IT doesn’t have to be a struggle with the right approach. Today’s physicians are [...]

These Health IT Acronyms Are Often Misused — This Handy List Explains the Differences
Many use EMR and EHR interchangeably, but they actually refer to different things. The same [...]

EHR Trends:
Small Practice Set-Up: Look to Cloud-Based Tech If You Want to Get Ahead
Cost, ease-of-use, and dependability top the reasons for implementing cloud-based EHRs. The old saying goes, [...]

Boom or Bust:
Avoid a Botched EHR Implementation with This Expert Advice
Many enter the field of medicine with high hopes of engaging with the public on [...]

Compliance:
HIPAA 101: Report Breaches When They Happen to Reduce Penalties
A recent enforcement case highlights the importance of timely HIPAA-breach reporting. Haste makes waste or [...]

Make Sure Your BAAs Are HIPAA-Compliant to Avoid Getting Burned
Unauthorized access and disclosure land many a practice in hot water annually. Oftentimes, this type [...]

Enforcement News:
ONC Enlists the States' Help with Protecting Patient Information
Due to a multitude of state laws and organizational roadblocks set up to implement HIPAA [...]

View All