The HIPAA privacy and security rules require all Covered Entities (CEs) to enter into Business Associate Agreements (BAAs) with entities that perform services for the CEs, if the services require the Business Associates (BAs) to create, receive, maintain, or transmit protected health information (PHI).
The HIPAA rules list the basic required content for BAAs, but as the relationships between CEs and their BAs mature, BAAs are becoming more sophisticated and need to address important issues not mentioned in the HIPAA requirements, such as indemnification, cyber-liability insurance requirements, detailed notice requirements, ownership of data, audits, information technology requirements, system availability, return of data to the CE at termination, and more.
Please join Christine Williams as she covers new issues that should be addressed in BAAs and how best to address them.
Just a sampling of what this webinar will cover:
- Why a basic BAA that has all of the content required by the HIPAA rules is not enough anymore
- What an indemnification provision covers and why it should be included
- Insurance requirements that should be included, including cyber-liability insurance
- How to make sure PHI is returned to the CE in usable form at the termination of the agreement
- Audit provisions and “standard audit policies”
- Clarity in language addressing ownership of PHI at all phases of the BA’s services
- Details that should be included in notice and termination provisions
- Technology requirements
- And much more!
Presenter: Christine Williams, Attorney at Law, Founder, Health Plan Plain Talk
Continue by clicking on the following link: