Why a BAA is critical for dental practices

Article

What's a BAA, and why is it so important for your dental practice? Dr. Lorne Lavine explores why this document could be crucial to HIPAA compliance.

As most dentists are aware, the data we collect on patients is often not limited to our eyes only. There are many professionals that we work with on a daily basis that have access to patient information.

Some of these people include:

  • Your accountant

  • IT company

  • Offsite data backup provider

  • Email provider

All of these people are called business associates. According to HHS, A “business associate” is any person or entity that performs activities or specific functions for the dental practice which would involve the use or disclosure of patient information.” It is important to understand that anyone involved with the continuum of care, or those expected to have only inadvertent access to data, are not included in this list. So, for example, referring offices, labs and office cleaning crew are not business associates, nor is any company that acts as a conduit for information such as the US Postal Service or UPS.

More from Dr. Lavine: To encrypt or not to encrypt... it's not really a question!

So, why is all this important? Well, dental practices are required to have a written agreement in place with each one of their business associates. The Privacy Rule requires dental practices to have written assurance that its business associates will safeguard all patient information it receives or creates for the practice. The new rule also allows the government to impose penalties on the business associates and their subcontractors. That was not the case previously.

The final version of the HIPAA Rules require that covered entities (that would be you) enter into contracts with their business associates (that would be us) to ensure that the business associates will appropriately safeguard protected health information.  This Business Associate Agreement also serves to specify the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate.  A business associate may use or disclose protected health information only as permitted or required by its business associate contract, or as required by law.

A business associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law. A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule. 

More from Dr. Lavine: Risky business: HIPAA compliance and the importance of risk analysis assessments

So, what do you need to do? Easy, find a Business Associates Agreement template that was written after the Omnibus Rules went into effect in 2013 (you can email me at drlavine@thedigitaldentist.com and I will gladly send you one). Send it to all your business associates, and keep a copy of the signed agreement with both signatures on it.

By the way, if a company won’t sign the agreement, then you should re-evaluate your relationship with them. For example, if you’re using regular Gmail for sending patient info, Google will not sign the agreement, and since regular Gmail isn’t HIPAA compliant anyway, that’s a good time to look into a more compliant solution for email. The same holds true for all other potential business associates you have.

 

Recent Videos
GNYDM24 Product Focus: Josh Gosnell, Vice President, Business Development at Adit, explains how cloud-based analytics and patient communication software can enable practices to run more efficiently.
DS World 2024 Interview with Katrina Sanders, RDH
Mastermind 42 – Episode 42 – Getting Those 5-Star Reviews for Your Dental Practice Part 2
Mastermind – Episode 41 – Getting Those 5-Star Reviews for your Dental Practice
Mastermind – Episode 39 – Resolving Conflicts in the Dental Practice
Mastermind – Episode 35 – Finding Strength in Our Differences
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
2024 Dental Products Report Spring Selection Bracket Reveal Video
CDS 2024: What's New at TAG University? with Andrew De la Rosa, DMD
Related Content
© 2024 MJH Life Sciences

All rights reserved.