Blog May 3, 2013

Who Should Sign a HIPAA BAA?

There has been a lot of talk about HIPAA BAAs lately, as the new omnibus regulations take effect in September 2013. Here is a simplified diagram of how medical and healthcare providers need to work with any parties that process or store their protected health information (PHI).

In this scenario, a medical provider uses a billing company that hosts its data with a managed hosting company. There are also instances when the medical provider works directly with the hosting company, in which case they have to sign a BAA directly.

Feel free to share this with anyone who is going through this process right now.
