Concise Business Associate Agreements to Help Expedite Compliance
One of the complexities that organizations must address when achieving HIPAA compliance is the need for a Business Associate Agreement (BAA). In many cases, organizations are unfamiliar with the term and are unsure as to whether or not they need one.
Let HOSTING help clear up some confusion.
First, let’s define BAA. A BAA is a contractual agreement between a HIPAA covered entity (CE) and a business associate (BA) in which both parties commit to appropriately safeguarding protected health information (PHI). Moreover, a BA can agree to provide audit trails to fully protect PHI from security breaches – financial or otherwise. The need for audit trails in relation to compliance for PCI, SOC 2, SOC 3 and so forth is often disregarded by CEs when selecting a BA such as a cloud hosting provider, but compliance does not end at encryption at rest.
Which brings us to the next question – do you need a BAA?
While every organization has its unique complexities, the answer is probably “yes”. Under the 2013 HIPAA Omnibus Rule, CEs, such as healthcare providers, health plans, and healthcare clearinghouses, must enter into BAAs with cloud providers under certain circumstances. Additionally, the Omnibus Rule requires “downstream” BAAs – that is, BAAs between business associates and their subcontractors – under certain circumstances. The Omnibus Rule’s BAA requirements ensure the protection of protected health information (PHI). BAAs should clearly articulate each party’s rights and obligations with regard to protecting PHI.
HOSTING Leads the Industry in BAA Collaboration
Among the changes introduced by the HIPAA / HITECH regulations, BAs are now responsible for their subcontractors’ noncompliance with the security and breach notification rules. With these new regulations in mind, a BAA should explicitly detail how a BA will report and respond to a data breach, including those caused by a BA’s subcontractors. If no BAA exists where one is required, an organization can be subject to fines for noncompliance. By having a “chain of BAAs,” HOSTING is in line with a key part of the new Omnibus Rule for HIPAA / HITECH promulgated by the U.S. Department of Health & Human Services.
Comprehensive, Concise BAAs
At three pages, the HOSTING BAA is concise and to the point – helping organizations reduce the time required by their legal team to review it. As a result, they get the cloud solution they need faster and at a more affordable rate to achieve HIPAA compliance.
Our healthcare customers get the legal protections for HIPAA compliance without the administrative hassle that they might experience with another cloud hosting provider during BAA negotiations.
HOSTING guarantees 100% audit assurance across our cloud solutions as well as our data centers to further enable our healthcare customers to achieve HIPAA compliance.
Contact us today to discuss our BAAs and 100% audit assurance guarantee.
HOSTING HIPAA Compliant Cloud Hosting and Managed Services
HOSTING ensures that its datacenters, employees, procedures, processes, and policies meet the HIPAA Administrative Safeguards (45 C.F.R. 164.308) and Physical Safeguards (45 C.F.R. 164.310) applicable to HIPAA Business Associates. Further, HOSTING HIPAA Compliant Cloud Hosting and Managed Services help HOSTING customers address the HIPAA Technical Safeguards (45 C.F.R. 164.312).