Physicians Practice August 26, 2021
Rachel V. Rose, JD, MBA

Understanding what should be included in a required HIPAA BAA is essential.

Earlier this month, I wrote an article HIPAA: Back to basics with the BAA, where I promised to write about the nuances of the requisite business associate agreement (BAA). Unless someone is new to the healthcare industry or a business associate (which includes subcontractors) that recently started creating, receiving, maintaining, or transmitting (including storage) protected health information (PHI), by now there should be an awareness that a business associate is directly liable under the HIPAA Rules. Like covered entities, business associates may be subject to civil, and in egregious cases, criminal penalties.

This leads us to the BAA—a written agreement between the parties that serves three primary purposes:

...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HIPAA, Provider
Related Articles:
HHS finalizes reproductive health data protections
HIPAA update protects privacy of reproductive health information
More FTC Privacy Action
White House moves to protect patient abortion records
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack

Share This Article