Are you sharing PHI with vendors without signing a BAA?

Posted on Aug 21st, 2018

Posted By Sudarshan Mahajan

business associate agreement

Maintaining sufficient HIPAA-compliance standards within an organization is necessary; however, there are circumstances when PHI is shared with vendors through data-storage services, communication providers, or document-disposal companies. HHS has provided guidelines for business associates at 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e) for entities that are covered under the HIPAA rule. Per HHS,¹ “A covered entity’s contract or other written arrangement with its business associate must contain the elements specified at 45 CFR 164.504(e).” Hence, healthcare organizations must ensure that the vendors who undertake their work follow the compliance rules.

However, there are certain situations where a Business Associate Agreement is not required. For example, per HHS,¹ it is not necessary “With a person or organization that acts merely as a conduit for protected health information, for example, the US Postal Service, certain private couriers, and their electronic equivalents.”, i.e., with entities that act as a medium for the transfer of information.

Considering recent cybersecurity threats, Telegenisys ensures that PHI is protected from start to end by encrypting the sensitive data before transmitting it to its clients through such mediums. Telegenisys provides a number of solutions and helps its clients meet HIPAA compliance requirements by providing HIPAA-certified staff in a zero-defects outsourced environment.

HIPAA penalties are stiff if these guidelines are not followed. In his interesting article, Brad Spannbauer outlines the steps necessary to responsibly protect your patient information.

