Find-A-Code Focus Newsletter

Business Associates and What To Do If They Refuse To Sign the BAA

November 20, 2014



Q:
  Who is a Business Associate and what do we do if they refuse to sign the BAA (Business Associate Agreement)?

A:  See the link below, as that will define for you exactly who your business associates would be.  When uncertain or in doubt, it is always good to double check the HHS guideline to be confident.  The information is defined in the following link:  http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/#businessassociate

Privacy rules identify that Business Associates too have responsibilities to comply as well as Covered Entities.  And in fact, with fairly recent updates pertaining to HIPAA, Business Associates have greater liability in their negligence to adhering to the rules set forth.  In the event that a Business Associate does refuse to sign the BAA, according to privacy experts, Covered Entities  should either terminate the arrangement with the BA (if feasible, and if not, the refusal to comply should be reported to the Secretary.)  Please see the following link for complete details: http://privacyguidance.com/blog/i-dont-need-no-stinkin-ba-agreementor-do-i/

It is likely, in the event that a Business Associate did refuse to sign the BAA, if you contacted managerial personnel of the Business Associate(s) and notified them that due to their refusal to comply with those rules set forth to them as a Business Associate, you, the Covered Entity are required  to notify the Secretary of Health & Human Services  (HHS) of their refusal to comply as this becomes a potential hazard for the privacy of patient PHI (Protected Health Information).  Again, it may also be useful to remind them that there is increased scrutiny on Business Associates that do not have proper agreements on file or that fail to comply with requirements.  Here is the link with information to file a complaint:  http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

Though it may not relate directly to the question above, here is what the OCR (Office of Civil Rights) says about cloud service providers refusal to sign the BAA:

“If you use a cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, don’t use the cloud service.”

-David Holtzman, Information Privacy Division, Office for Civil Rights

In closing, neglecting to obtain the proper BAA from Business Associates is nothing to overlook.  This very topic is of interest to regulatory agencies and penalties are fierce for the mismanagement of this rule.


share
 

More Items in November 2014


To view more items select a month from our "Items by Month" list.

Or view documentation, coding and billing articles.

 
News Items by Month
February 2022- 1
2021 - View
2020 - View
2019 - View
2018 - View
2017 - View
2016 - View
2015 - View
2014 - View
2013 - View
2012 - View
2011 - View
2010 - View
2009 - View
2008 - View
demo
request yours today
subscribe
start today
newsletter
free subscription

Thank you for choosing Find-A-Code, please Sign In to remove ads.