Compliance Catastrophes: Business Associate Agreement Troubles

April 25, 2024

Can you believe it’s over so soon? Today is the last part of our series, Compliance Catastrophes: real-ish world examples of nightmare scenarios! This week, we’ve gone through some of the most common HIPAA violations and given you the tips you need to stay compliant!

Remember, HIPAA violations don’t always stop at your practice: the Business Associates you work with can cause them too.

For the quick 411: Business Associates, known as BAs, are the people and businesses that create, receive, maintain, or transmit Protected Health Information (PHI) on behalf of a Covered Entity. A quick example would be the IT company keeping your network and devices secure. For any BAs reading this, thanks for your awesome work!

Teamwork makes the dream work when it comes to running your practice or business, so everyone must be on the same page about protecting patient PHI.

That’s why a Business Associate Agreement, or BAA, is required before a new BA handles any PHI on your behalf.

Having these agreements in place is easier said than done in healthcare, with Business Associate Agreement issues being one of the recurring HIPAA compliance concerns mentioned by the OCR during the latest HIPAA summit.

As we talk about business partnerships in healthcare, it just makes sense to introduce a new character to our series: Billy the Business Associate! 

Don’t you worry, our unlucky friend Catastrophe Cathy will still be the star of the show! 

To BAA or Not to BAA

Cathy recently onboarded a new BA for the practice! She found a new shredding company to properly dispose of PHI. After her past mistakes, she was more than ready to have someone else help the practice stay compliant when handling PHI. Billy, the BA, already worked with other practices in the area and had great reviews.

Billy started last week, and Cathy forgot the first thing you need to do when entering a partnership with a BA: signing a Business Associate Agreement! Without it, the practice is already in violation, and if Billy ever mishandled records or was hacked, Cathy’s entire practice would be on the hook for the leaked PHI too!

BAA Basics

Signing a Business Associate Agreement is the very first thing you need to do before working with a BA, and your BA must in turn have a BAA in place with any subcontractor (a sub-BA) that will touch your PHI.

This agreement outlines the roles and responsibilities of each party in the partnership. It ensures accountability and lets both parties know exactly what they need to do to keep patient information safe. With it signed, we can get our Business Associates (BAs) set up for secure access to only the information they need.

Remember: it’s a major red flag if a BA refuses to sign a Business Associate Agreement.

Why would you want to entrust a business partner with sensitive information if they won’t be accountable for protecting it? 

This is a common HIPAA violation, and practices have faced major settlements for not having a BAA in place. For example, the Center for Children’s Digestive Health paid $31,000 to settle with OCR after it was found to have no BAA with its Business Associate, FileFax.

Getting these agreements signed might seem difficult, but it’s easy with Abyde. With the Abyde software, all you need to do is sign and send off the documentation. We do the hard part: creating a compliant agreement for you and your new Business Associate.

This week has been fun learning about the most common HIPAA violations, but I think Cathy is ready for a break!

To learn more about compliance for your practice or business, email us at info@abyde.com and stay tuned for the latest news on our social media platforms.