Understanding our commitment to protecting your protected health information through comprehensive BAA compliance.
A Business Associate Agreement (BAA) is a contract between a covered entity (healthcare provider or health plan) and a business associate (vendor or service provider) that outlines the responsibilities and obligations for protecting protected health information (PHI).
Under HIPAA, any vendor or service provider that creates, receives, maintains, or transmits PHI on behalf of a covered entity must sign a BAA before accessing any PHI. This ensures that all parties handling sensitive health information maintain the same high standards of privacy and security.
Aethera Healthcare Solutions executes BAAs with all covered entity clients before accessing any PHI, demonstrating our commitment to protecting your patients' sensitive health information.
Legal requirement under HIPAA
Protects patient privacy and security
Establishes clear responsibilities
Provides breach notification requirements
Ensures regulatory compliance
BAA ELEMENTS
Six key provisions that form the foundation of our Business Associate Agreement compliance.
We use and disclose PHI only as permitted by the BAA and HIPAA, primarily for providing our medical billing and revenue cycle management services.
We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
We promptly report any use or disclosure of PHI not provided for by the BAA, including breaches of unsecured PHI, to the covered entity.
We ensure that any subcontractors who access PHI agree to the same restrictions and conditions that apply to us under the BAA.
Upon termination of the BAA, we return or destroy all PHI received from the covered entity, unless retention is required by law.
We make our internal practices, books, and records available to the covered entity or the Secretary of Health and Human Services for compliance verification.
PHI is used solely for providing medical billing services
Comprehensive security measures protect all PHI
Immediate reporting of any unauthorized disclosures
All subcontractors sign equivalent BAAs
Prompt return or destruction of PHI upon termination
Full cooperation with compliance audits
Review and execution of BAA before accessing PHI
Annual review and update of BAA provisions
Immediate reporting of any PHI breaches or unauthorized disclosures
Quarterly compliance audits and assessments
Annual training for all staff on BAA requirements
We maintain the same high standards for all subcontractors and technology vendors who may access PHI in the course of providing services to us. Every vendor in our supply chain must execute equivalent Business Associate Agreements before accessing any PHI.
Annual vendor risk assessments
Quarterly compliance monitoring
Immediate termination for non-compliance
Annual security training for vendor personnel
Technology Vendors: Cloud storage, software platforms, communication tools
Consulting Services: Specialized expertise, temporary staffing
Data Processing: Data analysis, reporting services, automation tools
Support Services: IT support, facilities management, security services
Contact our compliance team to request a BAA for your practice.
BAA FAQ
Common questions about our Business Associate Agreement compliance.
Yes, we execute Business Associate Agreements with all covered entity clients before accessing any protected health information. This is a mandatory requirement under HIPAA regulations.
Our standard BAA execution process takes 1-3 business days once we receive the request. For urgent requests, we can expedite the process to same-day execution.
We maintain a comprehensive incident response plan that includes immediate breach identification, prompt notification to affected parties and the covered entity, and full cooperation with any investigation. We also provide support for breach notification and mitigation efforts.
Yes, we require all subcontractors and technology vendors who may access PHI to execute equivalent Business Associate Agreements. We maintain oversight of our entire vendor ecosystem to ensure compliance at every level.