Blog

The Simplest Way to Manage Your Business Associate Agreements

Importance of a Business Associate Agreement

The Privacy Rule under HIPAA requires the safeguarding of protected health information (PHI) and applies to all covered entities (CE) – healthcare providers, health plans and healthcare clearinghouses. Most providers do not carry out ALL their necessary healthcare functions. Billing, medical software, and electronic health records are just a few examples of services that must often be outsourced to other organizations, commonly referred to as vendors or business associates (BA). The Privacy Rule allows covered entities to disclose PHI to BAs so long as the provider obtains satisfactory assurances that the BA will use the protected information only for the intended purpose and will safeguard the information from misuse.

These terms and assurances should be outlined in a formal document called a business associate agreement (BAA). The problem arises that many providers have multiple BAs that help them with their processes, and each of those BAAs need to be managed in an organized and efficient way.

Our Mission

As part of our goal to deliver a comprehensive compliance solution to our clients, Intraprise Health has created a tool that allows healthcare providers to create and organize vendor contracts in one easy, web-based application. The HIPAA One® Business Associate Management (BAM) is a software designed to provide you with a single location to store and manage your vendors, including HIPAA-defined Business Associates (BA), and to create and manage BAA in support of the services provided to your business.

The Simplest Way to Manage your Contracts

BAM offers the same functional, intuitive software as our other tools, with additional features such as:

  • Flexible, customizable contract templates
  • Requesting proof of compliance
  • Bulk upload of vendor information
  • Built-in electronic signature capabilities
  • Automated task reminders and status tracking

BAM offers automated solutions for some of the most difficult aspects of business associate agreements; such as having to create a legally-binding document from scratch, requesting vendor proof of compliance, inputting and organizing vendor information, and remembering to complete tasks and upkeeping throughout the year.

Why does it matter?

Because a BA’s use of protected health information is an extension of the CE under the Privacy Rule, the CE is responsible to ensure that BAAs are in place and up to date. Additionally, if a BA experiences a breach, the CE is liable for notifying the Department for Health and Human Services as well as their patents, even if it is of no fault of their own. With BAM, covered entities can utilize features to ensure that their BAs remain in compliance and reduce the risk of a breach.

How does it work?

Utilizing BAM is simple:

  • Upload your organization’s information
  • Modify the sample agreement or copy-paste over a previous agreement from another document
  • Input vendor information and assign them to a contract group, and push send
  • Track vendors’ contract statuses such as viewed, not viewed, approved, rejected, etc.
  • Set auto reminders for upkeeping purposes

BAM comes included with every HIPAA One® account at no additional cost. For more information, visit our solutions page.

About the Author
Avatar photo

Greg Brock

Chief Technology Officer
Greg Brock, Chief Technology Officer of Intraprise Health, has over 31 years of experience in the design, development, and delivery of advanced software solutions for space, government defense, and healthcare service industries. See full bio