Unlock eSignature Legitimacy for Business Associate Agreement in Australia

How to eSign a document: eSignature legitimacy for Business associate agreement in Australia

hi everybody i'm jennifer blevin-smith with integral clinic solutions and you're watching my youtube channel navigating the business of medicine [Music] today our topic is business associate agreements or business associate contracts this is a requirement in the hipaa legislation and it is basically a written agreement specifying between covered entities and any vendors or individual people that they work with that involves phi and the specific requirements that the responsibilities are for each side when it comes to handling protected health information or phi business associate agreements are very important and they should be kept on file with your clinic and they are required to be reviewed and signed by vendors contractors whatever that could be before they have any access to phi the one thing that a lot of covered entities which if you're familiar with hipaa covered entities are any kind of doctor's offices hospitals anywhere that provides patient care electronic health records systems clearing houses anything that stores or has any kind of access in creating protected health information the vendors that might need to have one of these baas on file with you would be maybe your ehr system your clearing house your vendors that might be coming into the office to clean any kind of i.t people who will have indirect or direct access to private health information those are the people that you want to make sure uh review and agree and sign these baas if they've worked in healthcare before most likely they're very familiar with this and they will bring it up to you and make sure that they have one on file as well because they understand how important it is and the penalties if you don't the thing about baas and what a lot of covered entities might not understand is that it doesn't necessarily indemnify you if something were to happen with a large hipaa breach it is the covered entity's responsibility to make sure that you are checking on your contractors subcontractors vendors whomever you have a baa signed with and making sure that they have done risk assessments on their end to make sure that they're hipaa qualified that they understand what their responsibilities are if something were to happen and if it has happened that they've taken the appropriate steps the things that the baa should include is the type of phi that they will have access to as someone who is working with you as a comfort entity based on their role so usually you have people who sign these if they create phi they store phi it's a pass through or it's a way for you to get phi from one place to another if they will inadvertently maybe come across phi in their duties that it's a possibility and this doesn't excuse you as a covered entity or your staff from not doing your due diligence and making sure that you're still upholding all of the hipaa requirements of making sure that as little access to people's phi is available to outsiders but it definitely helps cover you the other thing that the baa should include is the allowable use and disclosure of the phi based on their role with you as a covered entity the third thing is what measures that they will take to protect the phi and that's administrative measures physical measures anything like that so you want to make sure that you have discussions with these people not just asking them to review the baa and sign it but you need to have a detailed conversation about all of this as well to make sure that they know that you know that what your role is in this whole situation and that you want to make sure you're covering your back and making sure everyone is being compliant on what they are agreeing to the last thing that the baa should really include are the requirements that if a breach should happen whose responsibility it is to do which actions and what time frame that is required ing to hipaa depending on how many people are involved what kind of breach it is you have certain amount of time to report and where to report and how to report and if you need to notify the patients who are involved in the breach that kind of thing so you want to make sure that that is all spelled out in your agreement i know a lot of people like to keep electronic copies of contracts agreements any kind of important paperwork and that is a good idea because it can be as a backup as well but it's also i feel best practice to keep a binder in your manager's office or in your office with all the baas in one place so if you were ever to get audited or you need to check on something or you need a quick reference and electronic computer or access is down you still can get to that i know a lot of people think that's a waste of paper but i'm kind of old school and i like paper and it's for the reason of direct quick access referencing and also the electronic is a great backup but there's just something about having paper having it in your hand and being able to utilize it as soon as you need to without a lot of obstacles or obstruction now i'm just hitting the main surface of business associate agreements and i encourage you to go to the dhs website and look these up especially as being an owner you want to understand what you're asking your business associates to agree to and what your responsibilities are as an owner as a covered entity but this is something i want to bring awareness to and i will put a link or a few links in the description of the video that maybe you can go visit that will help give you a quick overview until you have time to really dive deeper into this all of the regulations behind hipaa are very complex and can be very cumbersome and overwhelming and to be honest with you even for as long as i've been in management in health care i still have to reference things once in a while or i'm learning something new because maybe i'm experiencing something i've never experienced before and it's never come up or i've never really taken the time to dive deep into things because there's so much that i just have a very high general overview and feel like i'm going to be able to navigate the situation okay until i need to know more but as a business owner and with your liability on the line and your livelihood i really encourage you to work with your manager and make sure that you guys are covering all your bases and that you make a list maybe of all the vendors that you feel will have access to phi that need to sign a business associate agreement and keep a table of contents kind of in the front of that binder or with your electronic documents of whom has signed those business associate agreements and what date so it's an easy reference as well and one of the things i did read when i was looking this up to make sure that i'm giving a good overview of this information is some covered entities go i'm just going to have every vendor i work with just sign a business associate agreement to make sure that i cover my bases and you know err on the side of caution but dhs doesn't really like that either because they feel like you don't understand what the purpose of the baa is and they did some kind of research with health care providers in california and found a lot of people do that and that doesn't look good to them either if there was a breach or some kind of negligence so definitely make sure you understand who should be signing it why they should be signing it what kind of access they'll be having to phi and the reason why they'll have to be signing it so that if you ever get questioned or audited you feel confident in your responses and that you did everything you could do or your due diligence to cover yourself and your patients best interests if you have any questions or comments on this topic i would love for you to leave it in the comments this is something that we all need to help back up and teach one another and support one another because like i said it can be very detailed and complex and cumbersome so any tips or tricks that you can offer to your colleagues or to me i would appreciate it hit the thumbs up button if you feel like today's video was helpful for you and subscribe to my channel if you haven't already i appreciate the support i definitely see my channel growing and i really truly appreciate it i hope you guys all have a wonderful week take care of yourselves [Music] [Music] you