BackArticles and Speeches

“Write, Revisit BAA Policies That Protect You When Associates Mess Up HIPAA,” Part B News

July 12, 2016
Roy Wyman

In an article published on July 11, 2016, Nashville partner Roy Wyman discusses the recent settlement that fixed responsibility for a HIPAA breach on a business associate, underscoring the importance of having proper, current, and well-managed Business Associate Agreements (BAAs) for all vendors. He notes that there are some vendors, such as collection agencies, that do have meaningful PHI access and frequently get overlooked. Mr. Wyman suggests that performing regular BAA audits is important. “Establish a benchmark of a certain percentage of BAAs being properly signed — say, 98%, depending on your entity — then pull a certain number of your BAAs and see if they meet the benchmark,” he says. Subscribers can find the full article here