Avoid common business associate agreement mistakes
A business associate agreement, or BAA, is a contract between a healthcare provider and any other business that may have access to patient records. For example, billing companies, IT professionals and attorneys, among others, are usually business associates. The important part of deciding whether or not a BAA is necessary is understanding if the service provider will have access to patient records or not. If so, a BAA must be in place in order for medical practices to remain compliant with the Health Insurance Portability and Accountability Act (HIPAA).
For a physician who wants to practice medicine, or an overburdened office manager trying to make sure the office runs smoothly, the details of HIPAA can be overwhelming. It is not surprising that in small-to-medium sized practices staff members struggle to give some parts of HIPAA, such as BAAs, the full attention required.
The policies and implementation practices surrounding BAAs are an area that many medical offices may need to review. Kate Stewart, JD, an attorney with Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, in Boston, Massachusetts, says one of the first problems smaller practices encounter regarding BAAs is in finding an appropriate template or form to use.
Seeking legal counsel, particularly in practices without legal counsel on staff, makes sense. However, Stewart suggests having the person who is responsible for contracts sit down with counsel, rather than simply asking if a form is good or not. She says it is critical for the person who handles BAAs to understand what is necessary and what is not.