First Healthcare Compliance hosted an educational webinar, “Business Associate Agreements: What You Need to Know” with Jennifer Gimler Brady, Esq. of Potter, Anderson, Corroon, LLP. Click here to view the webinar.
For covered entities and business associates, Jennifer provides answers to some commonly asked questions regarding Business Associate Agreements (BAA).
Is a physician practice required to have a business associate agreement in place with the janitorial services contractor that cleans the offices and removes trash?
No, a BAA is not required with persons or entities whose functions, activities, or services do not involve the use or disclosure of PHI, and where any access to PHI would be incidental, if at all.
If the janitorial services contractor also provides document shredding services to the practice, should the practice have a business associate agreement with the contractor?
Yes, on the assumption that the documents that will be handled and shredded include PHI.
Must a business associate agreement include a requirement that the business associate have or obtain cyber liability insurance?
No, HIPAA does not require covered entities to ensure that business associates have insurance coverage for data security incidents. But given the potentially significant costs that can be associated with a security breach, it’s a good idea to consider requiring such insurance.