Using Your Business Associate Agreements
Jun 23, 2020

Hi, this is Dave Kats, therapist, consultants and I have a tip for you.
We're often asked how you use a business associate agreement. Let's back up and start this way. First, you have to be HIPAA compliant. One of the many things you have to do to be HIPAA compliant is have a business associate agreement. A business associate agreement is an agreement that you give to anybody that you do business with in your practice that has the opportunity to see your patient records in any way, shape or form.
If you have, for instance, a software company that could look in your computer and see your information on your patients, they have to sign a business associate agreement. Now, the business associate agreement a few years ago, it was only a page long, but in the final rule, they made it a lot longer agreement and now it's about five pages long, and the value of having a business associate agreement is this: if the business associate that comes into your office sees something in your office and tells someone else about it, in other words, they break the HIPAA privacy policy, then you are not as involved as if you didn't have them sign the associate agreement. In other words, it puts the onus on their back.

You should have a business associate agreement form signed by your software company, your hardware company. If you do mailings, your mailing company, if they see your main email list or your regular mailing list, they should all sign business associate agreements.
Now, who doesn't have to sign a business associate agreement? Those people who come in your office that have virtually no chance of seeing any patient records don't have to sign, like a janitor, for instance, or an electrician. There is also one other group that does not have to sign. Those people are people that are conduit people, like the post office. If you mail things, the post office doesn't have to give you a HIPAA agreement because they're just a conduit; they mail it from one place to another.
The last place that doesn't have to do a HIPAA agreement with you is a financial institution because, strangely enough, financial information is not considered HIPAA sensitive, so you don't have to have one with your bank or your post office or people like that, but if you have hardware people, if you have software people, if you have people that do your mailing for you, they all need to sign business associate agreements.
Now, take that five-page agreement that they've signed and keep it in the back of your HIPAA manual and that way you'll always have it if you're called into question about whether you have HIPAA compliant business associate agreements.
This is Dave Kats. Thanks for listening.