December 20, 2016

Provided by: Jennifer Kirschenbaum, Esq.



Hi Jennifer, 

I was sent over a business associate agreement from my shredding company.  Do you have to read it or can I just sign it?

Thanks,  Dr. V


While I hate to be self-serving, of course I would prefer to read it if you are trying to hold me responsible for the well-being of your practice (or billing company, for that matter!).  A Business Associate Agreement is not just a boilerplate form waiting for signature - it is a living breathing template of obligation - drawing battlefield lines between parties for who is responsible for what. Most BAAs do not contain risk shifting provisions - indemnification, but some do.  And if silent on indemnification, the BAA still creates affirmative obligations on parties for protection of patient information, and use of patient information. Signing on the dotted line without consideration may come back to haunt you later, if for instance, the party asking you to sign, say, loses a laptop with patient information, or sends information out without consent to the wrong email. Either scenario may result in a reporting requirement and potentially monetary exposure.  

My advice - have the proposed BAA reviewed.  Or, in the alternative, present your own.  

Don't have your own BAA yet, you can purchase our form BAA with indemnification for $150 to fit your purpose (applicable to practices and billing company clients) on our site -  For today only we'll offer 20% off all BAA orders.