Health Information Compliance Alert
What Are The Dangers Of Not Complying With New BAA Standards?
PDF
Question: Despite the Sept. 22 deadline, we have not yet updated our business associate agreement (BAA) contracts. What happens now?
Answer: “Technically, a healthcare practice faces statutory penalties for any improperly used or leaked PHI,” answered attorney David Schoolcraft of Ogden Murphy Wallace Attorneys in a Sept. 15 interview with DocuSign. “For example, if a healthcare provider contracts with a medical billing vendor without an updated BAA, they face stiff penalties should there be any improper use of PHI.”
“Updating your BAAs is a risk management strategy, and it allows you to add additional protection clauses, such as stipulations about the use of data and operations in the cloud,” Schoolcraft stated. “With the proliferation of cloud vendors and third parties working with healthcare providers, the new BAAs provide a mechanism to not only require the safeguarding of PHI and the reporting of a breach, but the sharing of responsibility when a breach does occur.”
If you don’t update your BAAs, you won’t have the opportunity to ensure that you have sufficient indemnification and insurance provisions in place, Schoolcraft continued. And without such provisions, you cannot necessarily expect reimbursement and defense from the business associate in the event of a breach.
Health Information Compliance Alert
- Case Study:
Don't Overlook Data Breach Risks From Desktop Thefts
Are you including desktop computers in your security risk assessment? No healthcare provider is immune [...] - HIPAA Compliance:
How Your HIPAA Obligations Regarding Same-Sex Marriage Have Changed
OCR augments the definitions of spouse, marriage, and family member. The U.S. Supreme Court ruled [...] - Data Security:
Weigh The Benefits Vs. The Risks Of Storing Data In The Cloud
How a signed BAA doesn’t ensure HIPAA compliance. Cloud services are incredibly helpful for many [...] - Reader Question:
What Are The Dangers Of Not Complying With New BAA Standards?
Question: Despite the Sept. 22 deadline, we have not yet updated our business associate agreement (BAA) [...] - Reader Question:
Can You Let NPP Rules Slide In This Situation?
Question: We sometimes need to collect preoperative information about a new patient over the phone prior [...] - Reader Question:
Are There Security Rule Considerations For Telemedicine?
Question: One of our practice’s nurse practitioners provides occasional telemedicine services via videoconferencing. Does the Security [...] - Enforcement News:
Can PHI Really End Up On Google? Yes, This Happened
Plus: Big security flaw puts Unix systems at risk. Yet another data breach serves as [...]