What to do if a Business Associate Won’t Sign a HIPAA BAA?

Posted on by

Q:  Who is a Business Associate and what do we do if they refuse to sign the BAA (Business Associate Agreement)?

A:  See the link below, as that will define for you exactly who your business associates would be.  When uncertain or in doubt, it is always good to double check the HHS guideline to be confident.  The information is defined in the following link:  http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/#businessassociate

Privacy rules identify that Business Associates too have responsibilities to comply as well as Covered Entities.  And in fact, with fairly recent updates pertaining to HIPAA, Business Associates have greater liability in their negligence to adhering to the rules set forth.  In the event that a Business Associate does refuse to sign the BAA, according to privacy experts, Covered Entities  should either terminate the arrangement with the BA (if feasible, and if not, the refusal to comply should be reported to the Secretary.)  Please see the following link for complete details: http://privacyguidance.com/blog/i-dont-need-no-stinkin-ba-agreementor-do-i/

It is likely, in the event that a Business Associate did refuse to sign the BAA, if you contacted managerial personnel of the Business Associate(s) and notified them that due to their refusal to comply with those rules set forth to them as a Business Associate, you, the Covered Entity are required to notify the Secretary of Health & Human Services (HHS) of their refusal to comply as this becomes a potential hazard for the privacy of patient PHI (Protected Health Information).  Again, it may also be useful to remind them that there is increased scrutiny on Business Associates that do not have proper agreements on file or that fail to comply with requirements.  Here is the link with information to file a complaint:  http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

Though it may not relate directly to the question above, here is what the OCR (Office of Civil Rights) says about cloud service provider’s refusal to sign the BAA:

“If you use a cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, don’t use the cloud service.”

-David Holtzman, Information Privacy Division, Office for Civil Rights

In closing, neglecting to obtain the proper BAA from Business Associates is nothing to overlook.  This very topic is of interest to regulatory agencies and penalties are fierce for the mismanagement of this rule.

OUR ALLIANCE PARTNERS

THE BENEFITS OF BECOMING A
BREAKTHROUGH COACHING PARTNER

As a leader in the Chiropractic profession, BTC has been extremely selective in forming its group of alliance partnerships. We encourage you to visit our partner's websites and to utilize their services and products. When you become a Member of Breakthrough Coaching you become part of a special "family" unlike any other in the Chiropractic Profession.


Practice Analysis Survey.

Let us analyze your practice today!

GET STARTED NOW
[email protected]
FREE GUEST TOUR Friend Us on Facebook Follow Us on Twitter Follow Us on LinkedIn