- For all Business Associates (BA), you MUST have a signed Business Associate Agreement (BAA) between the parties. If you have a vendor who will not sign a BAA, it is recommended you find another vendor. Please get in touch with your coach for an introduction to a certified solution provider who has the Seal of Compliance and will sign a BAA. For large corporations like Microsoft, their Master Services Agreement includes the BAA language. Please note this on your vendor information.
- For non-BA Subcontractors, it is recommended you have a Confidentiality Agreement in place.
- If the Business Associate does not pass the Vendor questionnaire, you must send a corrective action plan asking them to show proof of remediation for the sections to which they responded "no". The corrective action plan should then be uploaded to the vendor profile's 'Upload Documents' section for documentation purposes. If the Vendor does not agree or cannot accommodate the HIPAA Security Rule, you should NOT do business with them; continuing to do business with the Vendor creates a significant threat to your HIPAA compliance. Remember, the rule states you cannot accept a Business Associate's risk. Please get in touch with your Coach for an introduction to a certified solution provider who has the Seal of Compliance and will sign a Business Associate Agreement.