Find-A-Code Focus Newsletter

Business Associates and What To Do If They Refuse To Sign the BAA

November 20, 2014



Q:
  Who is a Business Associate and what do we do if they refuse to sign the BAA (Business Associate Agreement)?

A:  See the link below, as that will define for you exactly who your business associates would be.  When uncertain or in doubt, it is always good to double check the HHS guideline to be confident.  The information is defined in the following link:  http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/#businessassociate

Privacy rules identify that Business Associates too have responsibilities to comply as well as Covered Entities.  And in fact, with fairly recent updates pertaining to HIPAA, Business Associates have greater liability in their negligence to adhering to the rules set forth.  In the event that a Business Associate does refuse to sign the BAA, according to privacy experts, Covered Entities  should either terminate the arrangement with the BA (if feasible, and if not, the refusal to comply should be reported to the Secretary.)  Please see the following link for complete details: http://privacyguidance.com/blog/i-dont-need-no-stinkin-ba-agreementor-do-i/

It is likely, in the event that a Business Associate did refuse to sign the BAA, if you contacted managerial personnel of the Business Associate(s) and notified them that due to their refusal to comply with those rules set forth to them as a Business Associate, you, the Covered Entity are required  to notify the Secretary of Health & Human Services  (HHS) of their refusal to comply as this becomes a potential hazard for the privacy of patient PHI (Protected Health Information).  Again, it may also be useful to remind them that there is increased scrutiny on Business Associates that do not have proper agreements on file or that fail to comply with requirements.  Here is the link with information to file a complaint:  http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

Though it may not relate directly to the question above, here is what the OCR (Office of Civil Rights) says about cloud service providers refusal to sign the BAA:

“If you use a cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, don’t use the cloud service.”

-David Holtzman, Information Privacy Division, Office for Civil Rights

In closing, neglecting to obtain the proper BAA from Business Associates is nothing to overlook.  This very topic is of interest to regulatory agencies and penalties are fierce for the mismanagement of this rule.


share
 

More Items in November 2014


To view more items select a month from our "Items by Month" list.

Or view documentation, coding and billing articles.

 

Poll

Which grouper would be more beneficial to you?

News Items by Month
February 2020- 4
January 2020- 2
December 2019- 1
November 2019- 1
October 2019- 4
September 2019- 2
August 2019- 3
July 2019- 3
May 2019- 2
April 2019- 3
March 2019- 9
February 2019- 3
January 2019- 5
November 2018- 3
September 2018- 1
August 2018- 4
June 2018- 5
May 2018- 4
April 2018- 1
March 2018- 1
February 2018- 8
January 2018- 6
2017 - View
2016 - View
2015 - View
2014 - View
2013 - View
2012 - View
2011 - View
2010 - View
2009 - View
2008 - View
free demo
request yours today
pricing
for any budget
sign IN
welcome back!