HIPAA compliance for business associates

I went to a networking event for healthcare startups in Sunnyvale recently and was surprised by what I learned. The event was well attended and it featured pitches from three startups, followed by keynote speaker Casper De Clercq of Norwest Venture Partners. While the keynote speaker was very informative, what stuck out most in my mind that evening was a likely HIPAA violation that one of the startup speakers referenced during his pitch.

HIPAA Compliance for Business Associates and their Subcontractors

Without going into too much detail about the nature of his startup, one of the speakers that night mentioned something along the lines of, “our code is on a shared server that I give my developers access to.” Whoa! I couldn’t believe what I had just heard. From a HIPAA compliant email viewpoint, let’s take a look at why this was so shocking to me:

  • Who else has access to the shared server?
  • He had already mentioned his developers were subcontractors, so the question arises: have those subcontractors signed Business Associate Agreements with his startup?

As we previously covered in a post about the HIPAA Privacy Rule for Business Associates, subcontractors who come into contact with protected health information when doing work for a Business Associate (BA) are themselves considered Business Associates. In other words, these subcontractors are required by law to sign a Business Associate Agreement with the BA that has hired them. And as we also covered in a post about Business Associate Agreement Provisions, every BAA must contain, at a minimum, 10 provisions. The Business Associate Agreement has some serious teeth to it: it's required by law and it should not be taken lightly.

Choose a Technology Partner that adheres to HIPAA Regulations

If you are a covered entity, a BAA is a must for any technology partner that handles PHI for you. Insist that all of your Business Associates sign such an agreement with you. Here at Paubox, we have a Business Associate Agreement ready for your review and signature. Contact us today to get started.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.
