The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
The Privacy Rule standards address the use and disclosure of individuals’ health information called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and wellbeing.
The BAA provides protection to your patient’s health information, the sleep facility and the AASM. Facilities, Independent Sleep Practices, and DME suppliers applying for accreditation (covered entities) and the AASM (business associate) are required to complete a BAA in compliance with the HIPAA Privacy Rule. The agreement is necessary to allow AASM site visitors access to Protected Health Information (PHI) contained in patient medical records. This is used at the time of a site visit for accreditation purposes only. Failure to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) may result in civil money penalties.
The BAA is a legal document only valid when signed by an authorized individual designated to review and approve official legal documents on behalf of a sleep facility. Typically, hospital owned sleep facilities require a CEO’s or privacy officer’s signature. Freestanding facilities may have the owner of the facility sign all legal documents. Sleep facilities applying for accreditation are responsible for determining the appropriate signatory ensuring that an authorized individual has reviewed and signed the agreement.
The template business associate agreement created by the AASM legal counsel is available for download at the time of an accreditation application and is automatically approved for signature by the AASM. From time to time, sleep facilities will opt to use their own agreement, possibly customized by their hospital’s legal counsel. Although both options are acceptable, customized agreements require careful review by the AASM and direct communication with the sleep facility’s legal department before the final version is ready for signature. Sleep facilities that wish to execute their own, customized business associate agreements, need to allow an average of 4-6 weeks for review and potential revisions before the agreement is ready for signature.
Click the following link or download the AASM business associate agreement within the BAA section of the application.