Maintaining sufficient HIPAA-compliance standards within an organization is necessary, however, there are circumstances when PHI is shared with the vendors through data-storage services, communication providers, or document-disposal companies. HHS has provided guidelines for Business associates 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e) for entities that are covered under HIPAA rule . 1Per HHS, ” A covered entity’s contract or other written arrangement with its business associate must contain the elements specified at 45 CFR 164.504(e).” hence, It is necessary for Healthcare organizations they must ensure that the vendors who undertake their work follow the compliance rules. However, There are certain situations where Business Associate Agreement is not required for example 1per HHS, it is not necessary “With a person or organization that acts merely as a conduit for protected health information, for example, the US Postal Service, certain private couriers, and their electronic equivalents.”, ie. with the entities who act as a medium for the transfer of information. Considering recent cybersecurity threats, Telegenisys ensures that PHI is protected from start to end by encrypting the sensitive data before transmitting it to its clients through such mediums. Telegenisys providers number of solutions and helps its clients meet HIPAA compliance requirements by providing HIPAA certified staff in a zero defects outsourced environment. know more.. HIPAA penalties are stiff if these guidelines are not followed. In his interesting article, Brad Spannbauer outlines the steps necessary to responsibly protect your patient information.