HIPAA HITECH Business Associate Agreements

April 18, 2013

Add Drinker, Biddle & Reath LLP, to the growing list of health care law firms telling covered entities that they must pay more attention to their BAs and their sub-contractors. In an article in Lexology on Tuesday they said:

“A BAA must include the following newly required statements: that the business associate will comply with the Security Rule with regard to electronic PHI, that the business associate will report breaches of unsecured PHI to covered entities, and that the business associate will ensure subcontractors that create or receive PHI on behalf of the business associate agree in writing to the same restrictions and conditions that apply to the business associate with respect to such information. Additionally, business associate agreements must include a provision requiring that to the extent a business associate agrees to carry out covered entity obligations, the business associate must comply with the requirements of the Privacy Rule that apply to the covered entity. All BAA requirements also apply to agreements between business associates and subcontractors. Note the business associate remains directly liable for its obligations under HIPAA regardless of whether there is a BAA in place.”

BA Tracker gives the covered entity the tool needed to manage their BAs properly. Not only will they know when they signed their BA agreement, they will also know what PHI they access, how they access it, how they store it, how they process it, and most importantly how they protect it. If they need remediation of risks discovered Compliance Helper has cost effective and efficient tools for all sizes and types of BAs and their Subs. For only $125 the smallest BA or Sub can get compliant and for larger BAs and Subs the price starts at $495. They can then maintain and prove their compliance for as little as $35 per month.

Now there is no excuse for the CE not knowing the compliance status of their BAs and Subs and no excuse for the BAs and Subs not getting compliant, staying compliant, and proving compliance, with the Compliance Meter(tm).


Back to News