You have requested access to member-only content.

Strengthening the business associate relationship

HIPAA originally recognized the business associate (BA) as a contractor of a covered entity (CE), but did not mandate direct accountability to the regulations. This put the onus on a CE to ensure, contractually, that its BAs met applicable requirements and supported their CE clients' compliance. When the Privacy and Security Rules first became effective, many CEs accepted BA contracts (BAC) (sometimes also called BA agreements [BAA]) from their BAs. Some BAs were actually quite adamant about having the CE sign their BAC. Although it was the obligation of a CE to initiated the BAC and the CE was liable under the law for compliance, in most cases, BAs offered a BAC that met the legal requirements and often looked like the model offered by HHS. If this was not the case or if either party wanted additional provisions, the CE and the BA negotiated a contract. No provisions required by HIPAA could be removed or changed, but other provisions could be added.

This is an excerpt from member-only content. Please log in or become a member.

Not a member? Join now!

Revenue Cycle Advisor is the key to your organization's Medicare regulatory news and education. It combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule updates thoroughly.

For questions and support, please call customer service: 800-650-6787.