What is a BAA (Business Associate Agreement) and Why Do I Need One?

Here at Phone.com we’re proud to deliver top-notch, business-class phone service to a diverse group of small businesses. We’re also able to legally protect the sensitive information handled by medical professionals, with HIPAA-compliant coverage included in our standard features.

If you’re unfamiliar with that acronym or new to the VoIP industry, HIPAA (Health Insurance Portability and Accountability Act) was signed into law in 1996 with the chief aim of providing accountability for health insurance companies and patients’ information.

With the VoIP revolution, small, medium and large medical companies are able to cut costs by not having to depend on major telecommunication networks and can go with smaller, faster, more responsive VoIP companies. There can be risks, though, if you don’t educate yourself.

Any and all healthcare professionals must comply with HIPAA. Even organizations that work with healthcare must also be compliant!

So what exactly is a Business Associate and why should you care? 

As defined by the law, a BA is “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity.” Some examples of a BA’s functions are:

  • Data analysis, processing or administration
  • Claims processing or administration
  • Quality assurance
  • Benefit & practice management

A Business Associate Agreement binds the BA to the HIPAA-covered entity, ensuring legal protection for the sensitive data, patient information, etc.

Phone.com is not a healthcare company, so why should our customers be concerned about HIPAA compliance as it pertains to phone service? The short answer is that PHI could be contained in voicemails, call recordings, faxes, or even SMS texts. For all such information that is stored in our systems – “data at rest” – we follow very clear procedures and encrypt that information so that only authorized people have access to it.

Phone.com will create and sign a Business Associate Agreement both for Covered Entities that create PHI and for Business Associates, like those mentioned above, that handle but do not create PHI.

Why is it important that your phone service provider be HIPAA compliant and willing to sign a BAA? If your company is found to be in violation, fines could be severe. In 2016, Advocate Health Care was ordered to pay a whopping $5.55 million because of their actions. Those are good reasons for protecting yourself with a communications company that understands the need for HIPAA compliance.

Click here to learn more about Phone.com’s HIPAA protection. If you’re unsure whether you’re in need of a BAA, make sure to give our HIPAA-certified customer service representatives a call at (844) 746.6312.