Indiana Policyholders: Notice to policyholders recently affected by severe weather. 

Lack of a Business Associate Agreement - a $750,000 Mistake

Covered entities are required to have business associate agreements with any business associate that provides services which may involve the use of, access to or disclosure of protected health information. Lacking such agreements could be a costly mistake for your practice.

Posted in Malpractice Insurance on Tuesday, June 21, 2016

HIPAA audits, as mentioned in recent blogs, continue to be on the rise. In addition to the federal government auditing practices to ensure they are in compliance with HIPAA policies, they are now looking closely at business associate agreements.

Business associate agreements are formal agreements with contractors or suppliers who may come into contact with protected health information (PHI) while working with your practice.

A covered entity, as defined by the Department of Health and Human Services (HHS), is required to have a business associate agreement with any business associate that provides services which may involve the use of, access to or disclosure of PHI.

The importance of business associate agreements was recently realized by an orthopedic group in Raleigh, North Carolina. The group used a supplier for extracting silver from their x-rays as they transferred them to electronic media. 

Due to the lack of a business associate agreement, when the PHI of 17,300 patients was exposed, the HHS Office of Civil Rights fined the group $750,000. Additionally, the HHS put a two year corrective action plan in the practice that included:

  • Providing the HHS with the number, name and copies of all business associate agreements
  • Revising policies and procedures with regard to business associate agreements, including:
    • Designating an individual responsible for business associate agreements
    • Maintaining documentation of business associate agreements for at least six years after a relationship is terminated
    • Creating a policy for determining the need for business associate agreements, along with an agreement template and limit disclosures
  • Providing training materials for the HHS to review and approve, followed by documentation of annual employee training, and training for new hires within 15 days of employment
  • Providing annual reports to the HHS

For more information and to read the entire corrective action plan, visit the HHS website. Their website also has a business associates’ page that details when an agreement is needed, and the cases where agreements may not be required. It should be noted that this information should be discussed with your attorney before any final decisions are made.

For additional information on business associate agreements, the HHS Website also offers a template and sample provisions for creating your own agreement.

*This blog was authored by Veronica Brattstrom and Kathy Everitt. 

Resources by Profession

Knowledge to keep you sharp

The articles, videos, webinars, tools and resources you need to do your job.

Important Details about Disciplinary Actions Important Details about Disciplinary Actions Article | Malpractice Insurance State disciplinary coverage is a feature of your malpractice coverage you may not realize you have. However, your Professional Solutions covers you fo... Sports Medicine Health Care Providers Protected Under New Law Sports Medicine Health Care Providers Protected Under New Law Article | Malpractice Insurance As a leader health care malpractice insurance, Professional Solutions wants to share the good news and details about recent legislation that affects h... Ways to Recognize and Avoiding Prescription Drug Abuse Ways to Recognize and Avoiding Prescription Drug Abuse Article | Malpractice Insurance With all the media attention on the opioid crisis, now is a good time to recognize and avoid prescription drug abuse in your practice. Along with adhe... How Your Practice Can Benefit from the Mistakes of Others How Your Practice Can Benefit from the Mistakes of Others Article | Malpractice Insurance Once burned, twice shy. This statement clearly exhibits the value of personal experience. While personal experience has its benefits, external situa...

Read more articles

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK