Organizations that the Health Insurance Portability and Accountability Act (HIPAA) considers a “covered entity” are required to establish Business Associate Agreements (BAAs) with their associates and subcontractors. If your business falls into this category, you should know how to write a BAA.
This article will guide you through the basics of writing a BAA and its importance in contract management. Read on to learn more about the HIPAA BAA.
Guide on How to Write A Business Associate Agreement
One thing you have to know about a BAA is that it is a legally binding agreement. This means that you have to be careful when you are preparing the document. You also need to make sure that you properly include the right information, such as the following:
How to outline a Business Associate Agreement:
- Basic information – Since this is a contract, you need to ensure that the document includes the date the agreement was created, the full legal names of the parties involved, and the acceptance of the terms. The document should also be signed, with the date each signature was affixed.
- Acknowledgment – One of the first things you need to include in the outline is an acknowledgment of HIPAA and why it is relevant to the business relationship of both parties. Be as clear and direct as you possibly can.
- Nature of the PHI – The PHI accessed by the business associate and its subcontractors should be outlined clearly.
- Permissible vs. impermissible – The PHI’s permissible and impermissible uses need to be clearly defined and established in the relevant case law, legislation, and rules.
- Liability and consequences – Since the US Department of Health and Human Services (HHS) is able to audit business associates and their subcontractors at any time, you need to make sure that the language you include in the BAA will hold either party responsible for a breach. Otherwise, you may get in serious trouble for violating HIPAA.
- Protocol for employee HIPAA training – You need to establish a protocol for HIPAA training among employees of both parties. This way, you can both safeguard your PHI.
- Procedure in the event of a data breach – You need to clearly outline the procedures that you will follow in case of a data breach. Identify what steps you will need to take to mitigate the harm that malicious third parties may cause.
- Procedure for returning or destroying PHI – The agreement should also include information on how both parties should return and destroy PHI when required.
When you are learning how to draft a HIPAA BAA, always keep an eye on the regulations and rules of HIPAA. This is a good way to make sure you have covered everything.
What Is a Business Associate Agreement?
A Business Associate Agreement (BAA) is needed by businesses to make sure their personal health information is properly protected. These agreements are considered essential to your organization’s HIPAA compliance program. They typically include clauses that outline each party’s liabilities, the uses of Protected Health Information (PHI), and more.
To make sure you are covered by the BAA, you need to keep your agreement up to date with the HIPAA Omnibus Rule. Otherwise, you may be held liable for any HIPAA violations.
Best Strategies When Drafting a Business Associate Agreement
Some businesses are not required to create a BAA even if they deal with PHI. HIPAA states that the requirement is limited to “covered entities.” If you are required to create one, you need to make sure you avoid making mistakes. Otherwise, it can be a big headache for your business.
Before entering into a BAA with an associate, here are some things you need to check:
- Do they have searchable policies and procedures? The Office for Civil Rights (OCR) needs to be able to procure specific documents. This is why their policies and procedures need to be searchable.
- How clear is their policy document? Their formatting structure and indexing procedures need to be clearly identified so that documents can be located.
- Is their policy documentation process complicated? The procedure for policy documentation needs to be concise and logical so that there will be no misunderstandings.
- Are their employee training records incomplete? They need to provide documentation of their employee training on security policies and procedures for a period of six years.
- Do their policies lack compliance or risk assessments? You need to work with a business associate who regularly conducts risk assessments to ensure they are in compliance with HIPAA privacy and security guidelines.
How to Use Fill To Write Business Associate Agreement
When you are learning how to create a Business Associate Agreement, it’s best to seek help from a seasoned professional. Even though there are BAA templates available that you can use, you need to make sure that the one you choose is still relevant.
Fill regularly updates its templates to help account holders stay up to date with the policies.
You can register for a free account to use the template and personalize it to your needs.