I went to a networking event for healthcare startups in Sunnyvale recently and was surprised by what I learned. The event was well attended and it featured pitches from three startups, followed by keynote speaker Casper De Clercq of Norwest Venture Partners. While the keynote speaker was very informative, what stuck out most in my mind that evening was a likely HIPAA violation that one of the startup speakers referenced during his pitch.
HIPAA Compliance for Business Associates and their Subcontractors
Without going into too much detail about the nature of his startup, one of the speakers that night mentioned something along the lines of, “our code is on a shared server that I give my developers access to.” Whoa! I couldn’t believe what I had just heard. From a HIPAA compliant email viewpoint, let’s take a look at why this was so shocking to me:
- Who else has access to the shared server?
- He had already mentioned his developers were subcontractors so the question arises, have those subcontractors signed Business Associate Agreements with his startup?
As we previously covered in a post about the HIPAA Privacy Rule for Business Associates, subcontractors who come into contact with protected health information when doing work for a Business Associate (BA) are themselves considered Business Associates. In other words, these subcontractors are required by law to sign a Business Associate Agreement with the BA that has hired them. And as we also covered in a post about Business Associate Agreement Provisions, every BAA must contain, at a minimum, 10 provisions that must be covered. In other words, the Business Associate Agreement has some serious teeth to it, it’s required by law and it should not be taken lightly.
Choose a Technology Partner that adheres to HIPAA Regulations
If you are a covered entity, a BAA is a must for any technology partner that handles PHI for you. Insist that all of your Business Associates sign such an agreement with you. Here at Paubox, we have a Business Associate Agreement ready for your review and signature. Contact us today to get started.