Close this search box.

+1 (888) 895-8366

Healthcare providers save about half a million lives every year, but they do not do this alone. They work with all sorts of different professionals and tools to keep the various cogs turning. With the importance of protecting patients’ personally identifiable information, it’s no surprise that the Business Associate Agreement came to be. 

What is a business associate?

As the name implies, a business associate is a party that has a hand in the healthcare business. More specifically, it is an individual or company hired by a covered entity (such as a healthcare provider) to perform services that provide access to protected health information. This could include:

  • Outside lawyers, IT specialists, and accountants
  • Software companies that handle protected health information
  • Claims processing companies
  • Medical transcription companies
  • Companies that help healthcare providers accept payment for providing medical services
  • Health plan companies
  • Medical record destruction and archive services

Business associates are required to the rules of HIPAA, enforced by the same tiered penalty structure healthcare providers face following instances of noncompliance. These fines can reach $1.5 million per instance per year in the worst-case scenarios.

The key to staying compliant? Actively safeguard your protected health information. Before doing anything with medical records, do your research to make sure it’s done per regulations. HIPAA regulations may be rigorous and complicated, but negligence often leads to the largest fines.

What is the Business Associate Agreement?

Before enlisting the services of lawyers and other professionals who require access to protected health information (PHI), covered entities must have them sign a Business Associate Agreement. This contract legally binds the business associate to adhere to the various rules of HIPAA and the HITECH Act or face the same strict penalties. 

The Business Associate Agreement requires the business associate to follow the administrative, technical, and physical safeguards to prevent unauthorized viewership of protected health information. PHI contains a lot of private information that is invaluable for hackers.

HHS requires that the contract clearly list the following information and expectations:

  • How the business associate will and may use disclosed protected health information
  • The requirements of appropriate safeguards to protect PHI
  • The prohibition on using PHI for anything that is illegal or not explicitly listed on the contract

To best protect medical records and ensure compliance after signing a BAA, take every precaution you can think of. Don’t forget to:

  • Avoid leaving physical documents unsupervised. Also, if you are not actively reviewing them, make sure they’re physically safe from unauthorized viewers.
  • Lock everything, from your door to your PC.
  • Use secure modes of conversation. Don’t disclose any details to your client via social media, for example.
  • Abide by the Minimum Necessary Standard, which limits the information you can share to the minimum necessary to accomplish the goal of the disclosure.
  • Keep an antivirus and VPN active, and change your passwords regularly.
  • Only discuss protected health information in private settings. This is because other people should not be able to hear details. 

If you’re unsure if your actions or standards will qualify, don’t assume. Do a little research, and possibly save yourself from causing a breach (and facing heavy penalties).

What ChartRequest does for business associates

If you are a lawyer looking for help maintaining HIPAA compliance for your Business Associate Agreements, ChartRequest is here to help. Our secure platform is designed to streamline the entire process, improve transparency and communication, and expedite data sharing.

Streamline the process

We only ask for the essential information, so the average medical records request can be completed in just minutes once a release of information authorization form has been completed. With ChartRequest, you can also send an electronic authorization form to your clients via text or email. 

You can also send requests to multiple healthcare providers at once, customizing which additional services you need for each. This could include notarization, certification, images, various forms, and other options based on custodian offerings.

Improve transparency and communication

You can check the status of requests placed with ChartRequest anytime for real-time updates. Additionally, each request includes a built-in provider chat, offering a direct line to the healthcare provider. Any new information, questions, or corrections can be shared here to get a quick response without the need to pick up a phone. 

Expedite data sharing

We have a specialized platform called CaseBinder for lawyers and insurance agents. We also offer the healthcare providers in our network our care coordination platform. With this, we empower healthcare staff to release more records per hour, helping them get to yours faster.

To see how ChartRequest can help you stay compliant to both your BAA and HIPAA, sign up for an account today. If you also want to learn how to save 50% on administrative costs, ask us about CaseBinderPro.

Click here to read our complete guide to electronic health records for healthcare providers.

For our complete guide to electronic health records for legal professionals, click here.

Leverage Medical Records For Mass Tort Payouts
Mass tort payouts can be massive, but they often require quick and accurate access to your clients' medical records.
Hackensack Meridian Health Penalized $100K For Medical Records Right of Access Penalty
Hackensack Meridian Health, also known as Essex Residential Care, recently faced a $100,000 penalty for Right of Access failure.
What Is the Epic Vs. Particle Health Dispute Regarding Carequality?
The dispute between Epic vs. Particle Health has healthcare professionals split, and this article provides an unbiased breakdown.
Mass Tort Litigation Guide for Personal Injury Attorneys
Mass tort litigation can be a practical way to pursue compensation for numerous personal injury and medical malpractice claimants.
What is a Combined Ratio in Risk Adjustment?
The combined ratio is a financial metric that measures insurance company revenue compared to claims payout.
10 EHR Systems for Physicians to Consider in 2024 by ChartRequest
Reviewing EHR systems can be daunting, so this article covers what you should look for and features 10 high-end systems for you to compare.

Want to Stay Updated?

Subscribe to our newsletter to learn:

  • Tips to Ensure Compliance
  • Strategies for ROI Success
  • Relevant Healthcare News

We respect your inbox, so we’ll only reach out to share high-quality content.

Sign Up for Automated Care Coordination Updates!

Our automated care coordination and referral management solution is coming soon!
If you’d like to be the first to learn new information and find out when it’s ready, please fill out this form:
This field is for validation purposes and should be left unchanged.