Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In this episode, we’re answering frequently asked questions about Business Associate Agreements, or BAAs.

We discuss who should be providing the BAA; evaluating whether a service provider can meet group practice needs; performing due diligence as the HIPAA responsible party; red flags to watch out for; templates we recommend; and when you need a confidentiality agreement instead of a BAA.


PCT Resources

  • PCT article:  What Is a HIPAA Business Associate?
  • PCT free CE course:  Introduction to HIPAA Security for Group Practice Leaders
  •  Group Practice Care Premium 
    • for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours
    • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)
    • +  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)
    • + more
  • PCT’s  Group Practice PCT Way HIPAA Compliance Manual & Materials  — comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently
    • Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
      • Computing Devices and Electronic Media Technical Security Policy
      • Bring Your Own Device (BYOD) Policy
      • Communications Security Policy
      • Information Systems Secure Use Policy
      • Risk Management Policy
      • Contingency Planning Policy
      • Device and Document Transport and Storage Policy
      • Device and Document Disposal Policy
      • Security Training and Awareness Policy
      • Passwords and Other Digital Authentication Policy
      • Software and Hardware Selection Policy
      • Security Incident Response and Breach Notification Policy
      • Security Onboarding and Exit Policy
      • Sanction Policy Policy
      • Release of Information Security Policy
      • Remote Access Policy
      • Data Backup Policy
      • Facility/Office Access and Physical Security Policy
      • Facility Network Security Policy
      • Computing Device Acceptable Use Policy
      • Business Associate Policy
      • Access Log Review Policy
    • Forms & Logs include:
      • Workforce Security Policies Agreement
      • Security Incident Report
      • PHI Access Determination
      • Password Policy Compliance
      • BYOD Registration & Termination
      • Data Backup & Confirmation
      • Access Log Review
      • Key & Access Code Issue and Loss
      • Third-Party Service Vendors
      • Building Security Plan
      • Security Schedule
      • Equipment Security Check
      • Computing System Access Granting & Revocation
      • Training Completion
      • Mini Risk Analysis
      • Security Incident Response
      • Security Reminder
      • Practice Equipment Catalog
    • + Workforce Security Manual & Leadership Security Manual — the role-based practical application oriented distillation of the formal Policies & Procedures
    • + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss