Sign up to save your podcasts
Or
Share Episode 339: BAA Basics – What You Need to Know
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 339: BAA Basics – What You Need to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we’re diving into Business Associate Agreements (BAAs) for group practice owners.
We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception.
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
ResourcesHHS Model Business Associate Agreement
HHS SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS
PCT Resources
PCT article: What Is a HIPAA Business Associate?
PCT free CE course: Introduction to HIPAA Security for Group Practice Leaders
PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently
Policies & Procedures include:
Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
Computing Devices and Electronic Media Technical Security Policy
Bring Your Own Device (BYOD) Policy
Communications Security Policy
Information Systems Secure Use Policy
Risk Management Policy
Contingency Planning Policy
Device and Document Transport and Storage Policy
Device and Document Disposal Policy
Security Training and Awareness Policy
Passwords and Other Digital Authentication Policy
Software and Hardware Selection Policy
Security Incident Response and Breach Notification Policy
Security Onboarding and Exit Policy
Sanction Policy Policy
Release of Information Security Policy
Remote Access Policy
Data Backup Policy
Facility/Office Access and Physical Security Policy
Facility Network Security Policy
Computing Device Acceptable Use Policy
Business Associate Policy
Access Log Review Policy
Forms & Logs include:
Workforce Security Policies Agreement
Security Incident Report
PHI Access Determination
Password Policy Compliance
BYOD Registration & Termination
Data Backup & Confirmation
Access Log Review
Key & Access Code Issue and Loss
Third-Party Service Vendors
Building Security Plan
Security Schedule
Equipment Security Check
Computing System Access Granting & Revocation
Training Completion
Mini Risk Analysis
Security Incident Response
Security Reminder
Practice Equipment Catalog
+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures
+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours
+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)
+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)
+ more
View all episodes
By Person Centered Tech
4.9
1212 ratings
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we’re diving into Business Associate Agreements (BAAs) for group practice owners.
We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception.
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
ResourcesHHS Model Business Associate Agreement
HHS SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS
PCT Resources
PCT article: What Is a HIPAA Business Associate?
PCT free CE course: Introduction to HIPAA Security for Group Practice Leaders
PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently
Policies & Procedures include:
Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
Computing Devices and Electronic Media Technical Security Policy
Bring Your Own Device (BYOD) Policy
Communications Security Policy
Information Systems Secure Use Policy
Risk Management Policy
Contingency Planning Policy
Device and Document Transport and Storage Policy
Device and Document Disposal Policy
Security Training and Awareness Policy
Passwords and Other Digital Authentication Policy
Software and Hardware Selection Policy
Security Incident Response and Breach Notification Policy
Security Onboarding and Exit Policy
Sanction Policy Policy
Release of Information Security Policy
Remote Access Policy
Data Backup Policy
Facility/Office Access and Physical Security Policy
Facility Network Security Policy
Computing Device Acceptable Use Policy
Business Associate Policy
Access Log Review Policy
Forms & Logs include:
Workforce Security Policies Agreement
Security Incident Report
PHI Access Determination
Password Policy Compliance
BYOD Registration & Termination
Data Backup & Confirmation
Access Log Review
Key & Access Code Issue and Loss
Third-Party Service Vendors
Building Security Plan
Security Schedule
Equipment Security Check
Computing System Access Granting & Revocation
Training Completion
Mini Risk Analysis
Security Incident Response
Security Reminder
Practice Equipment Catalog
+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures
+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours
+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)
+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)
+ more
More shows like Group Practice Tech
View all
Fresh Air
38,478 Listeners
The NPR Politics Podcast
25,891 Listeners
The Political Scene | The New Yorker
4,007 Listeners
Pantsuit Politics
4,917 Listeners
Pod Save America
87,200 Listeners
The Daily
112,454 Listeners
Up First from NPR
56,402 Listeners
The Group Practice Exchange
90 Listeners
Light Up The Couch
335 Listeners
Consider This from NPR
6,386 Listeners
The Ezra Klein Show
16,097 Listeners
We Can Do Hard Things
41,471 Listeners
The Headlines
586 Listeners
The Opinions
546 Listeners
Raging Moderates with Scott Galloway and Jessica Tarlov
1,267 Listeners