When To Use a HIPAA Confidentiality Agreement
There are numerous situations in which a HIPAA business associate agreement (BAA) is not appropriate. Essentially, a BAA is never appropriate for use with a person or entity who is not actually your business associate. But, what are you supposed to do when a person has potential access to your patient information but they aren't a business associate? Naturally, you still want something in writing for protection. That something is called a confidentiality agreement.
The two most common scenarios in which a confidentiality agreement is applicable would be a cleaning service and office sharing or rental. In these cases, there is a person who is:
- In your office
- Not your workforce (Learn more)
- Not a business associate (Learn more)
- Likely exposed to PHI
For anyone who fits the list above you will want a signed confidentiality agreement. This agreement should include sections pertaining to: confidentiality, compliance, reporting, and reimbursement. Here is a sample confidentiality agreement for your use.
by Dr. Jeff Brown
Jeff Brown, DC, is CEO at HIPAAMATE and dedicated to making HIPAA compliance comfortable for small- and medium-sized healthcare practices and business associates. Dr. Brown’s career spans private practice, compliance consulting, and software product management for three healthcare technology companies.
DISCLAIMER: Because of the generality of this article, the information provided herein may not be applicable in every situation and should not be acted upon without specific legal advice based on particular situations.