
Updating business associate agreements


Q: In 2003, when the privacy rule first took effect, I entered into a business associate agreement with my billing company, as HIPAA requires. Must I now update that agreement in light of the new security standards?

A: Yes, if your billing company handles protected medical information electronically, whether via a computer, a computer disc, a PDA, or a similar electronic device. In such cases, be sure to update your agreement so that your billing company is required to:

  • implement safeguards (administrative, physical, and technical) that will protect the confidentiality and integrity of the electronic medical information it receives from you;
  • ensure that any additional parties with access to this information will take similar steps to protect its confidentiality and integrity; and
  • report to you any security breach that it becomes aware of.

In general, the government requires that you enter into a business associate agreement with any parties (other than office staff members) that perform activities that may involve the use or disclosure of protected medical information. If other vendors you deal with fall into this category, they, too, must be given an appropriate business associate agreement.
