Confidentiality, Privacy and Security

  • 1.  BAs and BAAs

    Posted 19 days ago
    Someone asked me offlist to clarify my posting that a Business Associate (BA) is not determined by whether a Business Associate Agreement is signed but rather when an entity meets the definition of a Business Associate such as when it receives PHI from a Covered Entity and stores that PHI in the cloud for that Covered Entity.

    This person shared that they received guidance from a subject matter expert that a BA is not a BA until it signs a BAA, period.  Glad this person asked the question because I know how frustrating it can be to get different answers when the answer is literally black and white.  No need to make things more confusing.

    Frank Ruelas
    Compliance Professional