4. Business Associate Agreements
Business associate agreements must be signed with each of your business associate vendors. A BAA is a legal contract that requires each signing party to be HIPAA compliant and to be responsible for maintaining its own compliance. A vendor that does not sign a BAA cannot be used for business associate services.
Common examples of business associates include electronic health records platforms, email service providers, online appointment scheduling software, and cloud storage providers.
5. Incident Response and Reporting
The HIPAA Breach Notification Rule requires practices to have a system to detect, respond to, and report breaches. Employees must also have the means to report incidents anonymously and know what to do if they suspect a breach has occurred.
Compliance You Can Trust
Compliancy Group helps occupational therapy practices achieve and maintain HIPAA compliance. Gone are the days of confusing research and hundreds of pages of untouched policy binders.
Occupational therapy practices that work with Compliancy Group can be confident that they meet all HIPAA standards. Because we are the Preferred Provider for HIPAA compliance for the AOTA, you know you can trust us.