Physician Practice

Q&A: You’ve got questions! We’ve got answers!

Physician Practice Insider, December 27, 2016

Submit your questions to Associate Editor Nicole Votta at and we will work with our experts to provide you with the information you need.

Q: A situation recently arose with one of our business associates (BA). We have a copy of a business associate agreement (BAA) signed by the company; however, there have been some changes in personnel within the BA. The BA now claims it has no record of the BAA and does not feel it should be bound by the agreement. We suggested creating and signing a new BAA but the BA is reluctant to agree to do that. Is it a HIPAA breach if the BA no longer has a copy of the BAA?

A: As a covered entity, you are required to have a written agreement with each of your business associates to secure the protected health information to which the BA has access. If the BA claims it does not have a copy of the agreement previously signed, the BA is clearly not abiding by the agreement. You should (1) provide a copy of the existing agreement to the BA and obtain their agreement to abide by it; (2) have the BA sign a new agreement, or (3) terminate your contract with the BA.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question for Briefings on HIPAA. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and
operations improvement. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.  Email your questions to Associate Editor Nicole Votta at

Most Popular