Doing business with vendors that have access to protected health information (PHI)?
As a covered entity or business associate, you are required to have business associate agreements (BAA) in place before providing access to PHI for services rendered. The business associate agreement requirement is over 13 years old. However, Health and Human Services (HHS) Office of Civil Rights (OCR) is now picking up the slack and enforcing the HIPAA rules with hefty penalties for violations like this one.
If you are unclear what is a 'covered entity' or a 'business associate' and what are your responsibilities, take a look at this quick 30 minute pre-recorded webinar by WorryFreeMD. If you prefer a live in-person event with peer networking and door prizes, attend this upcoming free lunch/learn seminar on the same topic this May 3rd.
$750,000 settlement highlights the need for HIPAA business associate agreements
Raleigh Orthopaedic Clinic, P.A. of North Carolina (Raleigh Orthopaedic) has agreed to pay $750,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by handing over protected health information (PHI) for approximately 17,300 patients to a potential business partner without first executing a business associate agreement. HIPAA covered entities cannot disclose PHI to unauthorized persons, and the lack of a business associate agreement left this sensitive health information without safeguards and vulnerable to misuse or improper disclosure. Raleigh Orthopaedic is a provider group practice that operates clinics and an orthopaedic surgery center in the Raleigh, North Carolina area.
READ FULL ARTICLE FROM HHS HERE
Your first step towards HIPAA compliance is the required HIPAA Risk Analysis. Contact us for a comprehensive WorryFreeMD Risk Assessment.
||About Fernando Sosa
Fernando Sosa is a technology consultant, project management professional, and software developer who helps small businesses and nonprofit organizations make the most of their information technology resources.