IT Compliance

Has Your IT Firm Asked You to Sign a BAA?

By Holly Lawrence 

In 2013, as part of the Omnibus Rule, the United States government began to require all Business Associates to follow HIPAA guidelines. A Business Associate (BA) is any company that works with healthcare providers and has access to patient data, even if that access is indirect.

A Business Associate Agreement (BAA) is the required document between the medical provider, known as a Covered Entity (CE), and the Business Associate (BA).

Examples of likely Business Associates that medical practices work with include IT firms, document storage and shredding services, attorneys, accountants, collection agencies, transcriptionists, and data centers (to name a few). As a medical provider, you are required to have a BAA that legally details what type of access your vendor (the BA) has to your Protected Health Information (PHI/ePHI), whether in physical or electronic form, along with what they will and won’t do with that data.

If you’re working with an IT firm or independent IT professional, you’re required by law to have a signed BAA (Business Associate Agreement) with that company. Besides not being compliant with HIPAA regulations and potentially facing fines from the Office of Civil Rights (OCR), not having a BAA with your IT firm is also a telltale sign that your IT provider does not understand HIPAA and how to protect your PHI/ePHI. A BAA is the first (and easiest) step to becoming HIPAA compliant, and the government does not accept ignorance as a reason not to be compliant.

Don’t let your IT firm put you on the hook for a minimum penalty of $50,000 for Willful Neglect.

For more information about HIPAA, including what aspects of patient data must be de-identified and what companies you need to have a Business Associate Agreement (BAA) with, see our post – What is HIPAA? Why Should You Care and What You Need to Know.


© 2020 My IT. All Rights Reserved.