Ever wonder what signing that Business Associate Agreement(BAA) really meant? Even if your firm did not sign a BAA but does business with a Covered Entity the Federal Laws under the HIPAA/HITECH Omnibus includes business associates under their enforcement jurisdiction.
A business associate is a company or person who does business with a covered entity and works with or is exposed to patient medical information. This information can be hard or electronic copies. Under HIPAA law, here’s what your role as a business associate requires you to do:
- Comply with the HIPAA Security Rule — Implement certain policies and procedures, as well as administrative, physical and technical safeguards to keep patient medical information protected.
- Obey the HIPAA Privacy Rule — Protect patient medical information from any kind of misuse and follow the terms and guidelines outlined in your business associate contracts with covered entities.
- Provide breach notifications if patient information is misplaced or compromised — Promptly notify your covered entity partners, and the patients in some cases, when any patient medical information is lost, stolen or compromised while in your possession.
- Train your employees — Properly training your employees on HIPAA and your role as a business associate is crucial in order for your company to keep patient health information safe and secure when in your possession.
Whether or not private health information is handled or stored by your company, it’s important to measure your HIPAA compliance and internal risks and vulnerabilities. You are able to do this by purchasing HIPAA One® and conducting your own internal mock-audit. HIPAA One® also gives you an onsite consulting option. With this option we provide consulting guidance, policies & procedures, and training for your company. Ensure your company stays HIPAA compliant and follows the requirements of your role as a business associate with our affordable, easy-to-use and business-associate optimized HIPAA One® online software solution.
Don’t have an EHR/EMR? Most business associates don’t. HIPAA One® in self-assessment mode or using our security consultants will provide a fully-compliant risk analysis focusing on all your other internal policies, procedures, processes and technical safeguards relevant to business associates.