What is a Business Associate agreement and do I need one?
HIPAA allows covered entities (such as hospitals, clinics, etc) to disclose protected health information to their “Business Associates.” The covered entity must have a written contract with the Business Associate that obligates the Business Associate to take appropriate steps to safeguard the information and to help the covered entity comply with its obligations under HIPAA. Since telemedicine consultations involve the disclosure of protected health information, a Business Associate agreement between the remote site and the provider organization is recommended to properly protect patient clinical information confidentiality. Such an agreement may be incorporated into an affiliation agreement if the remote site is already affiliated with the provider organization. Seeking legal counsel is advised when reviewing this issue.
