Online Safety Community

Learning how to manage the HIPAA Business Associate process is important

Most healthcare providers or organizations that are described as Covered Entities by HIPAA, engage vendors as HIPAA Business Associates for carrying out many of their services on their behalf. HIPAA defines a Business Associate as a person or an entity who carries out some or all functions or activities that involve the use or disclosure of Protected Health Information on behalf of, or of providing services to a Covered Entity.

The practice of choosing vendors is fairly common in this industry because of the many benefits it brings. Although fairly prevalent; managing this process can be confusing. This is despite the fact that HIPAA requires them to enter into Business Associate Agreements (BAA's), which are agreements aimed at ensuring safeguarding of PHI. A healthcare organization or individual that enters into a BAA is obliged to comply with the HIPAA Security Rule and Privacy Rule.

It is important to choose the right BA

With such a major role being expected of the BA; Covered Entities have to show complete diligence in choosing the right one, for this is the only means to ensuring compliance with the process required of the HIPAA Security Rule and Privacy Rule. Any small noncompliance attracts heavy penalties for both Covered Entities and their Business Associates whenever a data breach occurs.

The only means by which Covered Entities can avoid such situations is by putting a systematic process in place for handling these business relationships. The proper access and protection of a healthcare organization's Protected Health Information by the Business Associate has to be ensured by such a process.

Some of a Business Associate’s functions and activities include:

  • Processing or administration of claims
  • Processing of data analysis or administration utilization 
  • Review of the Quality Assurance billing
  • Benefit management
  • Practice management and repricing.

The sheer range and importance of functions and activities carried out by Business Associates necessitates a complete and thorough grasp on the part of healthcare organizations of the ways by which to identify Business Associates.

Learn the ways of getting the Business Associate Agreement right

A webinar that is being organized by MentorHealth, a leading provider of professional trainings for the healthcare industry, will impart clear understanding of all the nuances of the BAA.

Jay Hodes, who is president of Colington Security Consulting, LLC, which provides HIPAA consulting services for healthcare providers and Business Associates, who is the speaker at this webinar, will show what thinking has to go into and what processes have to be adhere to when choosing a Business Associate.

Participants will learn how they can find out if Business Associates have the necessary technical, physical and administrative safeguards needed for protecting shared Protected Health Information in place. Another important learning he will offer is on when a vendor becomes a Business Associate and how that relationship may change and impact the BAA.

Register for this webinar and get clarity on the ways of monitoring and managing the HIPAA Business Associate process.

Understanding the BAA process

The way in which the Business Associate Agreement (BAA) process needs to be understood and perceived will be explained at this webinar. There are as many as ten requirements the government expects to meet for this process. Jay will show how to put these in place. Also taken up is the issue of the use of Vendor Security Questionnaires and how to implement them. The nature and type of breaches caused by Business Associates and the ways of handling them will also be explained.

People who are involved in BAAs in one or another way, such as Compliance Officers, HIPAA Privacy Officers, HIPAA Security Officers, Medical/Dental Office Managers, Practice Managers, Information Systems Managers, Chief Information Officers, General Counsel or Lawyers, and Practice Management Consultants will gain from this webinar.

In this webinar on what a healthcare organization needs to know about its responsibilities in managing Business Associates, Jay will cover the following areas:

  • How to conduct Vendor Screening
  • Ten Requirements of Business Associate Agreement
  • Developing and Using Vendor Security Questionnaires
  • Reviewing the Questionnaires
  • I Like This Vendor, but…
  • Auditing Your Business Associate
  • Dealing with a Breach Caused by Your Business Associate
  • What are the penalties and fines for non-compliance and how to avoid them?
  • Q&A.

Views: 11


You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Mark Nilson posted an event

Guidelines for Performing a Vendor Audit with an emphasis on Construction Audit at Training Doyens 26468 E Walker Dr,Aurora, Colorado

April 3, 2018 from 1pm to 2:30pm
OVERVIEWVendor/Contract audits require a certain skill set to understand the terms and conditions of a contract between a Company and any given vendor where products or services are outsourced.  Understanding the risks that are inherent within them is the first step in developing audit objectives and steps. The primary focus of the audit is the vendor (third party) activities pertinent to a contract. A majority of the fieldwork on these types of audits will likely be performed at the Vendor’s…See More
15 hours ago
gracylayla posted an event

How to begin your career in IBM API Connect? at 4608 Spalding, plano TX 75024 United States

February 19, 2018 to February 19, 2019
IBM API Connect is a complete API lifecycle management solution that will make things easier for developers, Central IT, and LoB Management. The thought behind API Connect is that APIs are small data applications, often called microservices, but they are applications nonetheless.IBM API Management with a built-in gateway, allowing you to create, run, manage, and secure APIs and Microservices. API Connect is the first of its kind: a unified end-to-end API management solution that enables the…See More
15 hours ago
John Robinson posted a blog post

Risk Management in the Global Economy and outlook for 2017

Risk management in the global economy is a highly challenging field for risk managers from any part of the world. With most of the world’s countries almost becoming part of the global economy in this era of globalization; it is emerging that risks that apply to one part any one nation’s or group of…See More
17 hours ago
Training Doyens posted an event

Hot Issues in Multi-State & Internet Sales Tax at 26468 E Walker Dr, Aurora, Colorado 80016-6104

March 13, 2018 from 1pm to 2pm
OVERVIEWStates are tense. They need more revenue.Millions of dollars of internet sales occur daily without tax.  The states want their money. In just 90 minutes, learn the different ways your company triggers nexus on itself and what it must do to comply with state regulations.WHY SHOULD YOU ATTENDWill I owe taxes in more than one state for the same sale? Must I charge tax on my internet sales?  Why is my drop shipper charging me tax?  Why did I receive a NEXUS Questionnaire and what if I don’t…See More
18 hours ago


Occupational Health and Safety 7 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tony Ferraro yesterday.

About sailpoint software

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management. Additional terms are used synonymously…Continue

Tags: sailpoint

Started by sujathayarlagadda on Friday.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What are the advantages of IoT in healthcare Industry?

No DescriptionContinue

Tags: Aware360, IoTin

Started by Jen McDade Feb 5.



© 2018   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service