Does my business really need Business Associates Agreements?

Think of it as building unscalable walls and a deep mote to surround your business and protect your personal wealth from challenges brought about because of operational failures by third parties that your business has hired to outsource critical workflow processes.

Economic realities have driven many businesses in America to outsource non-core functions, which may include:

• Billing Services
• IT Service and Cloud Storage Providers
• Accountants
• Shredding Services

Business Associates Agreements (BAAs) are an essential part of the infrastructure you should have in place to protect your medical practice.  The HIPAA Privacy Rule requires that all Medical Service Providers (Covered Entities) have signed BAAs in place with any Business Associate they hire that engages with Protected Health Information (PHI).

The BAA must acknowledge that the organization issuing it is subject to HIPAA regulation and that the organization signing it is also subject to HIPAA.  Good BAAs ultimately protect both parties that sign it. They ultimately define the steps to be followed and the financial liabilities in the event of a breach. Importantly, they also help to protect the Covered Entity’s reputation.

In the final analysis, the vetting process of Business Associates (third party vendors or processors) is one of the key responsibilities of any Practice Manager or Practice Administrator.

Vetting against HIPAA rules can be facilitated by external consultants, but in the shredding industry, it can also be assisted by requiring that vendors have their operating practices certified by external agencies, like the National Association of Information Destruction (NAID) and by the International Organizational for Standardization (ISO).

For more information, contact Greg Gálvez at greg.galvez@proshred.com or 678-580-1155