Blog May 3, 2013

Who Should Sign a HIPAA BAA?

There has been a lot of talk about HIPAA BAAs lately, as the new omnibus regulations take effect in September 2013. Here is a [simplified] diagram of how medical & healthcare providers need to work with any parties that process or store their protected health information (PHI).

In this scenario, you have a medical provider using a billing company that hosts its data with a managed hosting company. There are also instances when the medical provider works directly with the hosting company, in which case they have to sign a BAA directly.

Feel free to share this with anyone who is going through this process right now.
