HIPAA requires that an agreement must be in place between covered
entities (Medical Practices) and their Business Associates
(who are not covered entities
themselves) to whom you may disclose Protected Health Information (PHI) in
order for them to carry out services for your practice in the ordinary course
Business Associates must agree to the same set of privacy safeguards as the
Medical Practice. Importantly, they must document and log any disclosures they
make, and supply those documents when you demand them.
Examples of Business Associates that must agree:
• Billing Services
• Transcription Services
• Collection Agencies
• Computer Consultants
• DME Suppliers
• Answering Service
• Accreditation and Review Agencies
How We Help You Comply
If your patient requests an Accounting Of Disclosures from you (as is their
right under HIPAA) you must include in that accounting the disclosures made
by your Business Associates.
Our BAA also requires that your Associates inform you of any such disclosures
at the time of the disclosure. This simplifies your disclosure accounting responsibilities.
No other BAA contains this requirement. (HIPAA allows your patient to request
an accounting of disclosures going back six years, from 4-14-03 forward. Imagine
trying to get all your past and present Business Associates to provide you
with accountings years after the disclosures were made. Our BAA keeps your
practice fully informed on all the disclosures you may someday need to account
for.) This is just another example of features that make our products truly
Back to the PRODUCTS page.