In the complex world of health information technology, a business associate agreement is one of the most important aspects of maintaining electronic healthcare record security.

Such agreements are formally known as a HIPAA BAA. In full, that stands for the Health Insurance Portability and Accountability Act Business Associate Agreement. HIPAA is the 1996 federal law that covers issues of medical and insurance record privacy.

The HIPAA BAA has become increasingly important as more medical operations adopt health IT, using technology to both manage and transmit healthcare information from one source to another. It’s especially important to know for those working in health IT.

HIPAA BAA Defined

A HIPAA BAA is typically entered into by an outside consultant who provides a service to a medical organization. In many cases, that is an individual or business that works in health IT, and may represent a service subcontracted out by healthcare organizations such as hospitals and physician clinics.

As defined by the federal government, a business associate is any person or entity that performs healthcare record services for an insured medical provider, but is not a member of the workforce of the covered entity. These services involve access to healthcare records protected under HIPAA.

The guidelines in HIPAA require that covered entities – a hospital, for instance – must enter into a contract with business associates. That agreement will clearly define where and how business associates can access protected health information, what information is off limits and how the information will be used. The goal is to ensure that any business associate uses health information in a secure, safe manner and that patient information is not illegally disclosed or used.

Who Can Be a Business Associate?

Because those who work in health IT often work for a company that contracts with a medical operation, they are often the “business associate” involved with a HIPAA BAA.

Another example could be an attorney working for a healthcare organization and providing services that require access to some healthcare record information. No matter who the business associate is, they can only have access to protected information to support the healthcare organization in performing its services. To look at it another way, medical operations cannot enter into agreements with business associates who plan to use healthcare information for their own purposes.

There are some businesses, individuals and government agencies that work with medical operations who are exempt from having to enter into a HIPAA BAA.

- Other medical operations that need to share information for patient treatment (a specialist working with a primary care physician, for example).
- Covered insurance companies that must have patient information to properly perform their job.
- Government healthcare plans such as Medicare who also need access to patient records.

Any business associate not on the covered list will need to, by law, enter into a HIPAA BAA.

Requirements for a HIPAA BAA

Because of the complexities of the HIPAA BAA, many medical operations hire attorneys to help them craft the specific language of the agreement. However, the federal government is very clear about the main requirements of a HIPAA BAA.

- Clearly establishing the permitted use and disclosure of protected health information.
- Provisions ensuring that the business associate will not use information in any way other than what is permitted in the agreement and required by law.
- Requirements that the business associate put safeguards in place to prevent the unauthorized use or disclosure of any protected healthcare record information – including adopting all the provisions of the HIPAA Security Rule that covers use of electronic healthcare records.
- Require the business associate to immediately report any use or disclosure of information not provided for in the HIPAA BAA.
- Require business associates to disclose protected health information in accordance with a covered entity’s obligation to provide this information for patients’ requests for their own health information.
- Require the business associate to make their internal practices, books and records available to the federal Department of Health and Human Services (HHS).
- Require that when the contract is terminated, the business associate must either return or destroy all protected healthcare information.
- Require that any subcontractors hired by the business associate agree to the provisions of the HIPAA BAA.