Physicians Practice August 26, 2021
Understanding what should be included in a required HIPAA BAA is essential.
Earlier this month, I wrote an article HIPAA: Back to basics with the BAA, where I promised to write about the nuances of the requisite business associate agreement (BAA). Unless someone is new to the healthcare industry or a business associate (which includes subcontractors) that recently started creating, receiving, maintaining, or transmitting (including storage) protected health information (PHI), by now there should be an awareness that a business associate is directly liable under the HIPAA Rules. Like covered entities, business associates may be subject to civil, and in egregious cases, criminal penalties.
This leads us to the BAA—a written agreement between the parties that serves three primary purposes:...