What is a HIPAA Compliant BAA?
The Business Associate Agreement (BAA) is a newly required agreement between the regional center and service providers and speaks to the business relationship between the regional center, the service provider, and the Department of Developmental Services (DDS).
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Regional Center of the East Bay is identified as a Business Associate of the Department of Developmental Services (DDS). In March 2013, the U.S. Department of Health & Human Services enacted a final HIPAA Omnibus rule which implemented a number of provisions from the HITECH Act to strengthen the privacy and security protections established under HIPAA. Under the Omnibus rule, the definition of a Business Associate has been updated to also include subcontractors (service providers) of a Business Associate (RCEB) who create, receive, maintain or transmit Protected Health Information (PHI) on behalf of RCEB or who provide services involving the disclosure of PHI.
As a result of this change in definition, Service Providers are now considered Business Associates of RCEB and are required to establish HIPAA compliant Business Associate Agreements (BAA). Service Providers must also comply with the HIPAA requirements of a Business Associate.
In order to comply with federal law, the Regional Center of the East Bay shall ensure that a BAA is established with all service providers.