According to the HIPAA Omnibus Rule, health care providers must execute contracts called Business Associate Agreements (BAAs) with business associates before any protected health information (PHI) can be exchanged.
PHI is any demographic information that can be used to identify a patient, such as name, address, full facial photo, Social Security Number, financial information, and medical records.
Business associates (BAs) are vendors or service providers who encounter PHI over the course of the work they're paid to do for a health care provider. Common examples of these include EHR platforms, video chatting clients, cloud and physical storage facilities, email, encryption, IT and managed service providers, and more.
Business Associate Agreements, or BAAs, protect telebehavioral health professionals from liability in the event of a data breach caused by a business associate.
Video chat service providers used for telehealth purposes are necessarily considered business associates under HIPAA regulation. This is because of the sensitive nature of the information exchanged between client and practitioner. Information exchanged during therapy sessions is considered PHI, and must be protected under HIPAA.
In order to protect your practice as a telebehavioral health professional, make sure you execute a BAA with your video chat client provider. This is the absolute bare minimum HIPAA standard that you can implement to protect your practice from liability and keep your patients' sensitive health care data safe!
Better yet: your organization should vet potential video chat service providers (and all BAs) against the HIPAA rules to ensure that they're HIPAA compliant. HIPAA compliance goes a long way to mitigate the impacts of a breach on your practice, and saves you from being implicated in a HIPAA audit if your business associates are investigated.
$41 million in HIPAA Reported Fines since January 2016
HIPAA has become a major priority for the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in the past few years, and more serious enforcement efforts are to be expected in the years ahead.
The best way to protect against HIPAA violations and OCR investigations is with a HIPAA compliance solution that develops an effective compliance program for your practice. By addressing the full extent of the law, you give your telebehavioral health practice and the patients you serve a strong defense against ever-mounting data breaches and fines.
Compliancy Group is the industry-recognized leader in HIPAA compliance. Behavioral health professionals can become confident in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group's team of expert Compliance Coaches® guides users through the implementation process with weekly online meetings and ongoing HIPAA guidance. The Guard addresses the full extent of HIPAA regulation, including vendor management with full documentation to back it up.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients' data protected and secure.
Find out more about how Compliancy Group and HIPAA Seal of Compliance® Verification can help simplify your HIPAA compliance today!