Business Associate: How to Vet Behavioral Health Business Associates To Comply With HIPAA

Apr 4, 2020

As HIPAA-covered entities, behavioral health professionals have an obligation to vet their business associates. Vetting associates ensures that the protected health information (PHI) those associates create, receive, transmit, maintain, or store on behalf of the covered entity is secure and handled in a HIPAA-compliant manner.

What is a Business Associate?

A business associate is any vendor contracted by a covered entity that may come into contact with PHI over the course of the work it is hired for.

A business associate for a behavioral health professional may include:

  • Electronic Health Record (EHR) platforms
  • Teleconferencing tools (e.g., Zoom, GoToMeeting, Skype, etc.)
  • Email providers (if the email is used in conjunction with PHI)
  • Cloud service providers (e.g., AWS, Microsoft Azure, etc.)
  • Medical billing services
  • Accountants

How to Vet Associates

The Department of Health and Human Services (HHS) requires covered entities to vet their business associates. Failure to adequately vet associates leaves covered entities liable should their associate experience a healthcare breach. To avoid costly HIPAA fines, covered entities must vet vendors before sharing PHI.

The best way to vet these individuals is to send them vendor questionnaires. HIPAA standards mandate that the confidentiality, integrity, and availability of PHI be maintained by implementing HIPAA safeguards. Vendor questionnaires measure administrative, physical, and technical safeguards against HIPAA compliance standards.

Upon completion of a vendor questionnaire, gaps in the business associate’s safeguards are identified. Before a covered entity can work with the associate, the associate must address those gaps with remediation efforts. If a business associate is unwilling to address gaps, the covered entity should choose another vendor to work with.

Associate Agreements

In addition to vetting vendors, before covered entities can share PHI with their associates, they must have a signed business associate agreement (BAA). A BAA is a legal document that mandates the safeguards the vendor must implement. A BAA also limits the liability for both signing parties as it states that each party is responsible for maintaining their own HIPAA compliance.
