What is the Business Associate Agreement?

Healthcare providers save about half a million lives every year, but they do not do this alone. They work with all sorts of different professionals and tools to keep the various cogs turning. With the importance of protecting patients’ personally identifiable information, it’s no surprise that the Business Associate Agreement came to be. 

What is a business associate?

As the name implies, a business associate is a party that has a hand in the healthcare business. More specifically, it is an individual or company hired by a covered entity (such as a healthcare provider) to perform services that provide access to protected health information. This could include:

  • Outside lawyers, IT specialists, and accountants
  • Software companies who handle protected health information
  • Claims processing companies
  • Medical transcription companies
  • Companies that help healthcare providers accept payment for providing medical services
  • Health plan companies
  • Medical record destruction and archive services

Business associates are required to the rules of HIPAA, enforced by the same tiered penalty structure healthcare providers face following instances of noncompliance. These fines can reach $1.5 million per instance per year in the worst-case scenarios.

The key to staying compliant? Actively safeguard your protected health information. Before doing anything with medical records, do your research to make sure it’s done per regulations. HIPAA regulations may be rigorous and complicated, but negligence often leads to the largest fines.

What is the Business Associate Agreement?

Before enlisting the services of lawyers and other professionals who require access to protected health information (PHI), covered entities must have them sign a Business Associate Agreement. This contract legally binds the business associate to adhere to the various rules of HIPAA and the HITECH Act or face the same strict penalties. 

The Business Associate Agreement requires the business associate to follow the administrative, technical, and physical safeguards to prevent unauthorized viewership of protected health information. PHI contains a lot of private information that is invaluable for hackers.

HHS requires that the contract clearly list out the following information and expectations:

  • How the business associate will and may use disclosed protected health information
  • The requirements of appropriate safeguards to protect PHI
  • The prohibition on using PHI for anything that is illegal or not explicitly listed on the contract

To best protect medical records and ensure compliance after signing a BAA, take every precaution you can think of. Don’t forget to:

  • Avoid leaving physical documents unsupervised. Also, if you are not actively reviewing them, make sure they’re physically safe from unauthorized viewers.
  • Lock everything, from your door to your PC.
  • Use secure modes of conversation. Don’t disclose any details to your client via social media, for example.
  • Abide by the Minimum Necessary Standard, which limits the information you can share to the minimum necessary to accomplish the goal of the disclosure.
  • Keep an antivirus and VPN active, and change your passwords regularly.
  • Only discuss protected health information in private settings. This is because other people should not be able to hear details. 

If you’re unsure if your actions or standards will qualify, don’t assume. Do a little research, and possibly save yourself from causing a breach (and facing heavy penalties).

What ChartRequest does for business associates

If you are a lawyer looking for help maintaining HIPAA compliance for your Business Associate Agreements, ChartRequest is here to help. Our secure platform is designed to streamline the entire process, improve transparency and communication, and expedite data sharing.

Streamline the process

We only ask for the essential information, so the average medical records request can be completed in just minutes once a release of information authorization form has been completed. With ChartRequest, you can also send an electronic authorization form to your clients via text or email. 

You can also send requests to multiple healthcare providers at once, customizing which additional services you need for each. This could include notarization, certification, images, various forms, and other options based on custodian offerings.

Improve transparency and communication

You can check the status of requests placed with ChartRequest anytime for real-time updates. Additionally, each request includes a built-in provider chat, offering a direct line to the healthcare provider. Any new information, questions, or corrections can be shared here to get a quick response without the need to pick up a phone. 

Expedite data sharing

We have a specialized platform called CaseBinder for lawyers and insurance agents. We also offer the healthcare providers in our network our care coordination platform. With this, we empower healthcare staff to release more records per hour, helping them get to yours faster.

To see how ChartRequest can help you stay compliant to both your BAA and HIPAA, sign up for an account today. If you also want to learn how to save 50% on administrative costs, ask us about CaseBinderPro.

Click here to read our complete guide to electronic health records for healthcare providers.

For our complete guide to electronic health records for legal professionals, click here.