
HIPAA and Postal Mail Business Associate Agreements

Whether you're a healthcare provider, an insurance provider or a third-party billing company, you're bound to come into contact with protected health information (PHI). You should have a BAA in place to protect you from liability.



A Business Associate Agreement (BAA) is a contract between a HIPAA-covered entity and a third-party service provider. It's a legal contract that defines the permitted uses of PHI and limits the liability of both parties.


BAAs are not always legally binding. However, they create a liability bond between the parties and are required by law. When there is a breach of PHI, the party that did not commit the breach must report it to the Department of Health and Human Services (HHS). They may be required to pay fines for their violations.


The BAA also helps ensure that both parties are aware of the HIPAA requirements and that the business associate (BA) is actively implementing them. It establishes a number of standards for the use of PHI and may detail relationships between the BA and other third parties. It is important to use a BAA that is personalized for each party.


HIPAA regulations require that Business Associates implement appropriate safeguards for protected health information (PHI). They also have to destroy PHI at the end of the contract. They may also be required to comply with individuals' requests for copies of their PHI.

A BAA must also ensure that PHI is secured, encrypted and available electronically. It may also need to include audit controls and authentication controls.



