Business Associate Agreements

If you wish to fill out a BAA with Sfax to have on file, please email or call us at 877-493-1015.

What is the intent of business associate agreements? One of the purposes of HIPAA again is to safeguard protected health information (PHI). To the extent you have control of PHI, you must take appropriate steps to establish these safeguards. In a medical practice, many of the provisions of this rule apply to “business associates” who have contact with you and, therefore, access to PHI.  

You cannot release or disclose PHI to business associates unless both parties have a business associate agreement in place. The business associate agreement must contain a confidentiality clause that holds the business associate accountable for protecting PHI. The business associate cannot use or further disclose the information in any way that violates the Privacy Rule.  

When a relationship with a business associate ends, the business associate must return or destroy all PHI within a reasonable time frame. 

Who qualifies as a business associate? A business associate is any person with whom the practice discloses protected health information (PHI) for the purpose of carrying out, assisting in the performance of, and performing for or on behalf of, a function or activity for the practice. This includes persons or contractors who receive PHI from your practice in the course of providing a service to you. You may only disclose this confidential PHI to a business associate if the associate has taken steps to ensure the confidentiality of the information. 

You can also find more details on this  government website

**IMPORTANT – CANADA & PUERTO RICO CUSTOMERS** Please email or call us at 877-493-1015 so we can address your needs.