Businesses that handle health data on behalf of healthcare organizations face a growing set of compliance obligations. The document that governs most of that work is the Business Associate Agreement (BAA), which determines how a company may receive, store, use and disclose patient data. BAAs have been a HIPAA requirement since the Privacy Rule, and the 2013 Omnibus Rule expanded them considerably, so any company reviewing its obligations today should understand what a current BAA demands.
A BAA is a legal contract that sets out the responsibilities of a business that handles protected health information (PHI) on behalf of a HIPAA covered entity. Under 45 CFR 164.504(e) it must, among other things, define the permitted uses and disclosures of the PHI, require appropriate safeguards, require reporting of breaches and security incidents back to the covered entity, flow the same terms down to any subcontractors, and require the PHI to be returned or destroyed when the engagement ends. The BAA ensures that both parties know their obligations for handling and protecting PHI, and it is the covered entity's principal means of accounting for PHI once it leaves its own systems.
HIPAA requires a covered entity (a healthcare provider, health plan or healthcare clearinghouse) to have a BAA in place before it allows a business associate to create, receive, maintain or transmit PHI on its behalf. Business associates include companies that provide services such as billing and claims processing, accounting, legal and consulting services, data analytics, and IT support or cloud hosting for systems that hold PHI. Since the 2013 Omnibus Rule, business associates are directly liable for complying with the HIPAA Security Rule and with the terms of their BAAs, and they must in turn sign BAAs with their own subcontractors that handle the PHI.
Several provisions of a typical BAA deserve particular attention. One is the requirement to maintain a contingency plan, often labelled a business continuity or disaster recovery plan. This mirrors the Security Rule's contingency plan standard (45 CFR 164.308(a)(7)), which calls for a data backup plan, a disaster recovery plan and an emergency mode operation plan, along with periodic testing. The plan must describe how the business will keep PHI available and protected, and keep operating, in the event of a disaster, outage or other emergency.
Another key provision is the definition of a breach of PHI and the associated reporting duty. Under the 2009 interim breach notification rule, an incident had to be reported only if it posed a significant risk of harm to the individuals affected. The 2013 Omnibus Rule reversed that presumption: any impermissible use or disclosure of unsecured PHI is presumed to be a breach unless a documented risk assessment shows a low probability that the PHI was compromised, weighing the nature and extent of the PHI involved, who received or used it, whether it was actually acquired or viewed, and how far the risk has been mitigated (45 CFR 164.402). A business associate must notify the covered entity of a breach without unreasonable delay and no later than 60 days after discovery (45 CFR 164.410); many BAAs set a much shorter window and also require reporting of security incidents that did not rise to the level of a breach.
BAAs also commonly require encryption of PHI both at rest and in transit. Encryption is an "addressable" rather than "required" specification under the Security Rule (45 CFR 164.312(a)(2)(iv) and 164.312(e)(2)(ii)), but PHI that is encrypted in line with HHS guidance is treated as "secured" and falls outside the breach notification rule if it is lost or stolen. That safe harbor is why covered entities insist on it in their BAAs: a lost laptop or misdirected backup holding properly encrypted PHI is not a reportable breach, while the same data in the clear is. Key management matters here, since PHI stored alongside the key that decrypts it is not secured in any meaningful sense.
Finally, a BAA will require the business associate to conduct and document regular risk analyses to identify threats and vulnerabilities to the PHI it holds and to address them. This is the Security Rule's risk analysis requirement (45 CFR 164.308(a)(1)(ii)(A)), which HHS enforcement actions cite more often than any other. It includes considering insider threats, enforcing least-privilege access to PHI and a sanctions policy for workforce members who violate it, and ensuring that all employees receive security awareness training (45 CFR 164.308(a)(5)).
In conclusion, the Business Associate Agreement sets out, in contractual terms, what HIPAA expects of any company that touches PHI on a covered entity's behalf. By implementing these provisions, and keeping the documentation to prove it, businesses can meet their HIPAA obligations and protect the patients whose information they hold.