Business Associate Agreements (BAA): Why the Pushback from Business Associates

Why Should You Attend:

The new Omnibus Final Rule requires all covered entities to update their Business Associate Agreements (BAAs) with their business associates (BAs). In the past, the majority of BAs simply signed these agreements in an effort to continue to do business with each CE. And now they want to negotiate terms – why do the BAs want us to change these agreements all of a sudden?

This webinar will look at the recent Omnibus Final Rule outlining that all covered entities (CEs) are required to present their BAs with new BAAs before September 23, 2014. It will discuss responsibility, liability, indemnification, injunctive relief, and other topics that are causing, or may be causing, contention.

This webinar will also explain why the business associates that you have always used must really look at everything in a new way in an effort to lower risks and to better protect their businesses and their employees. Attendees will learn some of the reasons for the change in the attitudes of BAs.

Learning Objectives:

• What are the new responsibilities of BA
• Why some of the attitudes have recently surfaced from the BAs
• Why they are resisting some of these agreements
• What the BAAs are now required to do according to the Omnibus Final Rule

Areas Covered in the Webinar:

• Omnibus Final Rule requirements regarding BAAs
• The BAA – what it was, what it is now, and what it might be in the future
• The CE’s obligations
• The BA’s obligations
• Liability
• Indemnification
• Pushback

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, offsite records management companies, document destruction companies, scanning/imaging companies, x-ray destruction or recovery companies, IT service providers, business associates (shredding, data storage, systems vendors, billing services, etc). The titles are:

• Compliance Director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/Lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Tom Dumez, spent many years in the records and information management industry. As a result of his experiences and his various roles within that industry, Tom learned a great deal about HIPAA. Tom became a Certified HIPAA Professional as well as a Certified Security Compliance Specialist. One of his responsibilities was to preview BAA’s and submit concerns and/or questions to the President of the organization that he worked for. As the laws were changed and updated, Tom’s experiences with previewing these agreements helped to mitigate risks and prevent unnecessary liabilities being placed on the BA that he worked for, by the CE’s that his company did business with. In January 2013, Tom founded Prime Compliance of Grand Rapids, MI, where he serves as owner and president.

Topic Background:

The BAs that a covered entity CE uses to perform a covered function for them must now assume responsibility and liability for their actions when it comes to the handling of protected health information (PHI).

The BAs must also follow the Security Rule and the Privacy Rule, which is a new concept for many of them. In spite of historically doing a great job of protecting the information that has been entrusted to them, the pressure to comply with these laws can be daunting to them. They also have some very strict requirements for the companies that they may outsource a service to, that perhaps they do not provide themselves. That just adds to their pressure, as they must now obtain reasonable assurance that these companies also do things in a certain way. It used to be that a majority of BAs would simply sign the agreements presented to them, but now they are requesting more and more changes to our agreements.

Follow us :