When To Use a HIPAA Confidentiality Agreement

By: Dr. Jeff Brown |

There are numerous situations in which a HIPAA business associate agreement (BAA) is not appropriate. Essentially, a BAA is never appropriate for use with a person or entity who is not actually your business associate. But, what are you supposed to do when a person has potential access to your patient information but they aren't a business associate? Naturally, you still want something in writing for protection. That something is called a confidentiality agreement.

The two most common scenarios in which a confidentiality agreement is applicable would be a cleaning service and office sharing or rental. In these cases, there is a person who is:

  • In your office
  • Not your workforce (Learn more)
  • Not a business associate (Learn more)
  • Likely exposed to PHI

For anyone who fits the list above you will want a signed confidentiality agreement. This agreement should include sections pertaining to: confidentiality, compliance, reporting, and reimbursement. Here is a sample confidentiality agreement for your use.

DISCLAIMER: Because of the generality of this article, the information provided herein may not be applicable in every situation and should not be acted upon without specific legal advice based on particular situations.

See More HIPAA Articles