HIPAA Compliance with a BAA

Tim Dubes | Aug 07, 2014

Ensuring HIPAA Compliance with a Business Associate Agreement

With the September 23, 2013 trigger date for the Omnibus Rule of the HITECH Act, many healthcare providers are trying to come to terms with the requirements for documenting business arrangements with vendors. The term Business Associate refers to any entity that provides supporting products and services related to Protected Health Information (PHI). This is a broad-reaching definition.

Business Associate Agreements are formalized documents where these entities acknowledge their responsibility for maintaining security standards as part of the provider’s service.

For example, if a hospital has adopted an Electronic Medical Records (EMR) solution, the software vendor would need to complete a Business Associate Agreement (BAA). If the provider uses cloud-based services to store PHI data or documents containing PHI, they need to have a BAA. These requirements are fairly straightforward. It gets a bit more convoluted when vendors are used to transmit data. Just take a look at the FAQ section on the Health and Human Services site:

It can be hard to follow, and there is no rhyme or reason to some of the provisions, or to the structure of BAA documents for that matter. As they constitute legally binding documents with substantial liability, BAAs are a cause of consternation. Some covered entities (providers) will take the “make everyone we deal with sign a BAA, that way we’ve covered our bases” approach. However, this approach diminishes the value of the BAAs and what should be considered the due care associated with them.

In this webinar featuring Ross Leo from  and technology analyst Chris Dawson, the panelists discuss examples, exceptions and challenges associated with BAAs and PHI.


Ensuring HIPAA Compliance with BAA Webinar

About Tim Dubes

Tim Dubes, former Sr. Manager, Enterprise Marketing at eFax Corporate® - a part of j2 Global™