Everything You Need To Know About the Business Associate Agreement
The purpose of a business associate agreement (BAA) is to ensure there aren’t any violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Does creating the business associate agreement seem challenging? This guide will tell you how to write a BA contract hassle-free. We will also show you the best and quickest way to draw up any legal document!
HIPAA Business Associate Agreement Explained
According to the Health Insurance Portability and Accountability Act Privacy Rule, the business associate agreement needs to be signed between:
- Covered entities (CE) and business associates (BA)
- Business associates and business associate subcontractors (BAS)
The HIPAA Privacy Rule secures the Protected Health Information (PHI), such as client, patient, and employee data. The BAA is a legal contract that specifies the signing parties’ PHI responsibilities. Covered entities should only work with BAs who agree to sign the BAA.
A covered entity is an individual or organization that provides medical treatment or collects health information. These are some of the covered entities:
- Health insurance provider
- Health plan
- Healthcare clearinghouse
One covered entity has the right to disclose the PHI to another CE for payment, treatment, and healthcare operations purposes. In this case, the business associate agreement isn’t required.
Business associates are organizations hired to create, receive, transmit, or maintain the PHI on the covered entity’s behalf. The following organizations are common business associates:
- Medical billing companies
- File sharing vendors
- Transcription services
- IT support vendors
- Backup storages
- Email encryption providers
- Shredding companies
- File sharing vendors
If a business associate has access to the PHI, the covered entity should require a business associate agreement.
Business Associate Subcontractor
Business associates have the right to hire an organization that will create, maintain, transmit, and receive the PHI on their behalf. In this case, the subcontractor needs to sign the business associate agreement. The Health and Human Services (HSS) can check if the BAA has been signed even when a business associate hires a subcontractor.
Employees who aren’t associates or subcontractors aren’t expected to sign a BAA. To ensure these individuals don’t disclose the PHI, you can ask them to sign a confidentiality agreement that states the following:
- What type of information the contract covers
- Whether the signing party needs to return the info in question upon the employer’s request
- What the consequences for breaching the PHI are
Why Is the Business Associate Agreement Important?
Since the PHI can be found in multiple places nowadays—not only your doctor’s office—protecting that info is of significant importance. The BAA allows covered entities to protect their practice even if some other individual or organization is hired to transmit, process, or store the PHI. The contract will also satisfy HIPAA regulations and ensure you don’t get fined.
What Happens if Someone Violates the Business Associate Agreement?
HIPAA will charge a penalty according to the severity of the violation if:
- There’s no business associate agreement
- The existing BAA is incomplete
- One of the signing parties fails to honor the BAA
Covered entities that disclose the PHI on purpose can face a fine of up to $50,000 and one year in prison. CEs whose intent was to sell or use the PHI for harm, personal gain, or commercial advantage will have to pay up to $250,000 and spend ten years in prison.
How To Create a Business Associate Agreement on Your Own
Considering the severe consequences of an incomplete business associate agreement, you should take the contract seriously. You might choose to hire a lawyer who will create a valid document for your business associates to sign. If you can’t afford a lawyer, you could consult a few BAA templates online.
You can also attempt to write the agreement yourself, but you need to make sure that the agreement is in accordance with the HIPAA and HHS requirements. Here’s what info you should include:
- Your and your business associate’s names
- What is the required and allowed PHI your business associate can use
- State that the BAA or BAS won’t disclose other PHI
- A clause that requires the BAA or BAS to use necessary safeguards to protect the PHI
Create a Myriad of Legal Documents in a Jiffy With DoNotPay
While you would need to hire a lawyer to create a business associate agreement, DoNotPay offers a more affordable solution for other legal documents.
Not everyone can afford legal assistance for every single document. That’s why DoNotPay has created a handy feature that will help you draw up an unlimited number of contracts for a small fee. Why waste time searching for contract templates that don’t include everything you need if you can rely on DoNotPay to create a complete and valid document for you?
To write a professional contract with our help, open your DoNotPay account and do the following:
- Enter the name of the document
- Answer all of the questions
- Download and sign the contract
Thanks to our feature, you can create various legal documents, including:
Clear Your Schedule With the Help of DoNotPay
DoNotPay is renowned for making our users' lives infinitely easier. Not only can we root out unwanted subscriptions for you—you don't need to do it manually one by one any longer—but we can unsubscribe you from unwanted email and snail mail lists.
Fire up our app and let it navigate the phone tree instead of you or use it to make a DMV appointment at your earliest convenience. Forget about googling clinical trials near you—DoNotPay can sort them out according to your needs and their individual eligibility criteria.
We can fill out the paperwork that you need to file at your local small claims court to initiate a dispute. You can work around the U.S. penal system and have DoNotPay locate an imprisoned loved one instead of you trying to reach individual prisons attempting to do it yourself.
You don't need to go to great lengths to get in touch with a counselor to sign your college fee waiver either—DoNotPay does it for you and then forwards the necessary documents on your behalf.
DoNotPay Never Ceases To Amaze
Where there's one useful feature, there are nifty features galore!
Use our Virtual Credit Card to sign up for free trials and stop robocalls and spam text messages from reaching your phone. If you feel a free trial unrightfully turned into an expensive paid membership, we can help you request a refund or chargeback for the inconvenience.