Indiana Policyholders: Notice to policyholders recently affected by severe weather. 

Lack of a Business Associate Agreement can be a Costly Mistake

According to the HIPAA Office for Civil Rights, one of the most common HIPAA violations is the lack of business associate agreements.

Posted in Business Insurance on Monday, June 5, 2017

Business associate agreements are formal agreements with all the contractors/suppliers who may come into contact with, have access to, or disclose protected health information (PHI) to while at your practice.

Examples of HIPAA business associates include:

  • A third-party administrator to help with claims processing
  • A consultant performing utilization reviews
  • An independent medical transcriptionist
  • A mobile application developer

Just how important are business associate agreements? 

An orthopedic group in Raleigh, N.C. realized the value of business associate agreements the hard way. The group utilized a supplier for extracting silver from their x-rays as they transferred them to electronic media, a practice which may also be prevalent in dental offices.

Due to a lack of a business associate agreement when the PHI of 17,300 patients was exposed, the U.S. Department of Health & Human Services (HHS) Office of Civil Rights fined the orthopedic group $750,000 and implemented a two-year corrective action plan which included:

  • Providing the HHS the number, name and copies of all business associate agreements
  • Revising its policies and procedures with regard to business associate agreements
    • Designating an individual responsible for the business associate agreements
    • Initiating a policy for maintaining documentation of the agreement six years after the relationship is terminated
    • Creating a policy for determining the need for business associate agreement, along with a template and limit disclosures
  • Providing training materials for HHS review and approval followed by documentation of employee annual training within 15 days of employment
  • Providing annual reports to the HHS

For more information and to read the entire corrective action plan for this group, visit the HHS website.

If you qualify as a covered entity, your HIPAA policy/procedure manual should contain the policies and procedures used in determining the necessity of a business associate agreement with a vendor. The manual should also include:

  • How you review and update agreements
  • How to respond to any violations of the agreement
  • The business associate’s responsibility to you and to protecting your patient’s PHI
  • Define the potential financial and reporting responsibilities of a breach 

For more information on business associate agreements from HHS, you can review their Business Associates page. As always, discuss the issue with your business attorney.

Contact PSIC if you have any further questions regarding business associate agreements.

Resources by Profession

Knowledge to keep you sharp

The articles, videos, webinars, tools and resources you need to do your job.

Attention Practice Owners: Especially Now, Your Business Entity Needs Malpractice Insurance Coverage Attention Practice Owners: Especially Now, Your Business Entity Needs Malpractice Insurance Coverage Article | Property Insurance Among the concerns about the impact of coronavirus, many dentists wonder if their practices will be covered for claims related to COVID-19. At Profess... Low-Cost Employee Benefits for Your Practice in a Competitive Market Low-Cost Employee Benefits for Your Practice in a Competitive Market Article | Business Insurance In a competitive labor market, consider how you can use low-cost employee benefits to attract and retain employees and in turn, benefit your practice ... Cyber Security and Disposing of Equipment Cyber Security and Disposing of Equipment Article | Data Breach The digital equipment we use every day captures and stores electronic PHI (aka E-PHI or PII). So, when we replace a cell phone, copier, computer, USB ... Intellectual Property Concerns for Small Business Owners Intellectual Property Concerns for Small Business Owners Article | Property Insurance There are several types of intellectual property rights for small business owners to be aware of, and in Part I of this series, I am going to talk abo...

Read more articles

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK