Senior Communications Manager
Kirk Nahra Discusses the Importance of Business Associate Agreements
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted extensively in an article published yesterday by Renal & Urology News about the importance of doctors having a business associate agreement in the event of a security breach.
The Health Insurance Portability and Accountability Act (HIPAA) requires that a contract exist between covered entities and business associates, to ensure the business associates will take the necessary steps to protect personal health information. According to the article, in the event of a security breach, having an agreement on file will assist with a government investigation.
“Say a doctor has a security breach. If the government comes in to investigate, they will ask to see the business associate agreement,” Mr. Nahra said. “If you don't have one, it makes it look like you don't care about this stuff and that makes it worse.”
He added that the agreement should specify any limits on the use of patient information. “If there is a consulting firm that wants to give advice to other people and use your data, you have to make it clear that they can’t use it,” Mr. Nahra said. “A vendor’s agreement may give more rights to that information than what they [providers] want.”
To read the entire article, click here.