Business Associate Agreements – BAAs – are the Achilles’ Heel of many healthcare office privacy strategies. That’s because, like many aspects of privacy regulation, BAAs evolve over time. Consequently, even when Business Associate Agreements are held for all vendors, they may not be HIPAA compliant.
Healthcare practices ignore BAAs at their own peril. In North Carolina, for example, an orthopedic clinic settled a case involving the lack of a compliant BAA for $750,000. In Minnesota, a healthcare operation failed to enter into a BAA with a contractor and eventually settled for a $1.5 million penalty. A New England health system failed to update BAAs and settled for a $400,000 penalty.
These horror stories are among the reasons why Smart Training provides up-to-date BAAs for Platinum+ clients. We’re frequently asked for a BAA ‘template,’ but BAAs have evolved too far for a template to be sufficient. Our HIPAA professionals create BAAs for client practices individually, saving our clients time and money.
Check your Business Associate Agreements. If they were not revised after the Omnibus Final Rule in 2013, you’ll need new BAAs in place. If you’d like more information about Smart Training’s Platinum+ package, click here.