By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data-driven image seo
    Data Analytics Helps Marketers Substantially Boost Image SEO
    8 Min Read
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    5 Min Read
    benefits of data analytics for financial industry
    Fascinating Changes Data Analytics Brings to Finance
    7 Min Read
    analyzing big data for its quality and value
    Use this Strategic Approach to Maximize Your Data’s Value
    6 Min Read
    data-driven seo for product pages
    6 Tips for Using Data Analytics for Product Page SEO
    11 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: The HIPAA Privacy Rule and the Need for a Business Associate Agreement
Share
Notification Show More
Latest News
anti-spoofing tips
Anti-Spoofing is Crucial for Data-Driven Businesses
Security
ai in software development
3 AI-Based Strategies to Develop Software in Uncertain Times
Software
ai in ppc advertising
5 Proven Tips for Utilizing AI with PPC Advertising in 2023
Artificial Intelligence
data-driven image seo
Data Analytics Helps Marketers Substantially Boost Image SEO
Analytics
ai in web design
5 Ways AI Technology Has Disrupted Website Development
Artificial Intelligence
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Culture/Leadership > The HIPAA Privacy Rule and the Need for a Business Associate Agreement
Culture/LeadershipPolicy and GovernancePrivacy

The HIPAA Privacy Rule and the Need for a Business Associate Agreement

onlinetech
Last updated: 2011/11/15 at 1:02 PM
onlinetech
3 Min Read
SHARE
- Advertisement -

You’re a covered entity (your company processes, stores or transfers any type of patient information), and you’re outsourcing your HIPAA hosting services to a third party (an IT vendor, a billing company, etc.).

But before you can do that, you need to sign a business associate agreement (BAA) with your business associate (BA), according to the HIPAA Privacy Rule. But what’s in a business associate agreement contract?

You’re a covered entity (your company processes, stores or transfers any type of patient information), and you’re outsourcing your HIPAA hosting services to a third party (an IT vendor, a billing company, etc.).

More Read

AI leads to a new range of cybersecurity risks for social media users

AI Significantly Increases the Dangers of Social Media Hacking

What Are the Most Serious Privacy Concerns Regarding Big Data?
5 Sneaky Ways Hackers Try to Steal Information
What Role Does Breach and Attack Simulation Play in Data Protection?
How to Protect Data Within an App With RASP Security

But before you can do that, you need to sign a business associate agreement (BAA) with your business associate (BA), according to the HIPAA Privacy Rule. But what’s in a business associate agreement contract?

The U.S. Department of Health and Human Resources (HHS) has a sample business associate contract available on its site listing all the provisions for those that are curious.

While this shouldn’t be copied precisely and is more of a guide than a complete document, it does offer insight into the general terms that a BAA should address, with the addition of customized provisions specific to certain companies’ needs.

A summary of the primary provisions include:

  • Obligations and Activities of Business Associate
    • No use or disclosure of protected health information (PHI) unless it’s permitted or required by law.
    • Must use proper safeguards to prevent use or disclosure of PHI.
    • Mitigation in the event of a data breach.
    • Must report any use or disclosure of PHI.
    • Ensures others (subcontractors) agree to the same BAA.
    • Allows CE access PHI.
    • Must create documented HIPAA policies and procedures.
    • Document any PHI disclosures.
  • Permitted Users and Disclosures by Business Associate
    • Specifies when BA can use or disclose PHI on behalf of the CE.
  • Specific Use and Disclosure Provisions (if applicable)
    • When or why a BA would disclose or use any PHI, to report law violations, with CE permission, or to provide any kind of data aggregation reports to the CE). 
  • Obligations of Covered Entity
    • The CE will notify the BA of any changes in permission (including restrictions or revocation) of the individual to use or disclose PHI. 
  • Permissible Requests by Covered Entity
    • Terms and effective dates
    • How PHI will be handled after termination (returned or destroyed)
    • Reasons for termination

If you’re a covered entity, protect your company and your patients/clients by signing a thorough BAA. As a best practice recommended for HIPAA compliance, it will only strengthen your ability to pass a HIPAA audit, should the auditors come to your door.

Have other questions about compliance and BAAs? Read our HIPAA FAQ to find answers about BAs, hosting and agreements.

Source:
Business Associate Contracts

onlinetech November 15, 2011
Share this Article
Facebook Twitter Pinterest LinkedIn
Share
- Advertisement -

Follow us on Facebook

Latest News

anti-spoofing tips
Anti-Spoofing is Crucial for Data-Driven Businesses
Security
ai in software development
3 AI-Based Strategies to Develop Software in Uncertain Times
Software
ai in ppc advertising
5 Proven Tips for Utilizing AI with PPC Advertising in 2023
Artificial Intelligence
data-driven image seo
Data Analytics Helps Marketers Substantially Boost Image SEO
Analytics

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

AI leads to a new range of cybersecurity risks for social media users
Artificial Intelligence

AI Significantly Increases the Dangers of Social Media Hacking

11 Min Read
big data privacy concerns
Privacy

What Are the Most Serious Privacy Concerns Regarding Big Data?

8 Min Read
Adjust Windows settings for better data privacy
PrivacyRisk Management

5 Sneaky Ways Hackers Try to Steal Information

6 Min Read
data protection guide
Security

What Role Does Breach and Attack Simulation Play in Data Protection?

7 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?