There are many moving parts of a successful medical practice, and more often than not some tasks are outsourced. For example, many healthcare providers partner with medical answering services to keep up with their high call volumes and to ensure that patients receive the highest level of compassionate service.
When speaking with healthcare providers about how our medical answering services work, the subject of a Business Associate Agreement (BAA) always comes up. A BAA is an extremely important contract that should never be overlooked. Below we’ll explain exactly what a BAA is, and why they are so important for medical practices to have in place when they partner with third-party organizations.
What is a BAA?
Any third-party vendor or individual that provides services to a healthcare provider and accesses protected health information (PHI) is required to sign a Business Associate Agreement (BAA). Also referred to as a Business Associate Contract, a BAA is a legal contract between the healthcare provider and the vendor who is performing tasks on their behalf.
Some examples of individuals and third-party organizations that are considered business associates, and therefore must sign BAAs, include (but are not limited to):
- Lawyers and attorneys
- Medical answering services
- Medical billing companies
- IT service providers
- Medical record shredding services
- Professional translator services
- Insurance companies
Why is a HIPAA Business Associate Agreement so important?
Business Associate Agreements play an important role in making sure that all HIPAA guidelines are followed correctly, and that PHI is being handled in a secure and established manner. Here are some of the reasons why signing a BAA is so important when partnering with a medical answering service or other third-party organization:
- A BAA ensures that both parties are on the same page. This written agreement clearly outlines each party’s responsibilities when it comes to handling PHI. By signing the BAA, your vendors are acknowledging that they understand their responsibilities, and that they will safely handle PHI.
- A BAA protects your patients. Information such as your patients’ names, birth dates, diagnoses, and treatments are confidential. A BAA keeps it that way by stating that your third-party vendors will not use or disclose PHI other than as permitted or required by the contract or as required by law.
- A BAA protects your reputation. You worked hard to grow your medical practice, and your patients trust you not to mishandle their PHI. Don’t let the mistake of a third-party vendor ruin everything that you have built over the years. Having each of your vendors sign a BAA will help to maintain PHI security and overall HIPAA compliance.
- A BAA can save you from being fined. Mishandling PHI can cost you a lot more than just your reputation. Partnering with an individual or organization that isn’t HIPAA compliant can end up costing your medical practice thousands of dollars if PHI is mishandled. With fines of up to as much as $250,000 per violation, it is simply not worth it to take the risk.