Physicians Practice August 26, 2021
Rachel V. Rose, JD, MBA

Understanding what should be included in a required HIPAA BAA is essential.

Earlier this month, I wrote an article HIPAA: Back to basics with the BAA, where I promised to write about the nuances of the requisite business associate agreement (BAA). Unless someone is new to the healthcare industry or a business associate (which includes subcontractors) that recently started creating, receiving, maintaining, or transmitting (including storage) protected health information (PHI), by now there should be an awareness that a business associate is directly liable under the HIPAA Rules. Like covered entities, business associates may be subject to civil, and in egregious cases, criminal penalties.

This leads us to the BAA—a written agreement between the parties that serves three primary purposes:

...

Today's Sponsors

ZeOmega
Holon
Transcarent

Today's Sponsors

Crossover Health
Qure4u

Today's Sponsor

Institute for Healthcare Improvement

 
Topics: Govt Agencies, HIPAA, Provider
Third-party health apps are vulnerable to hacks, report finds
HIPAA Considerations Applicable to Digital Health Providers
US Regulatory Considerations Applicable to Digital Health Providers and Suppliers - Part II: HIPAA (Continued) & Additional Important Privacy Considerations
US Regulatory Considerations Applicable to Digital Health Providers and Suppliers - Part I: HIPPA
HIPAA and Pro Sports: Let’s Get the Record Straight