HIPAA requires that all covered entities (meaning you, as a pharmacy) must have a Business Associate Agreement (BAA) in place for any Business Associate (i.e. vendor) you contract with that handles PHI.
While most large companies would likely already have this as part of their customer onboarding process, it's well worth checking to be sure you haven't missed one and that you can locate all of them.
Also, a big potential compliance miss - contract (1099) employees are considered Business Associates! W2 employees are not considered business associates and so you do not need a BAA for them.
On the HHS website, one of the examples of a Business Associate is "an independent medical transcriptionist that provides transcription services to a physician." In other words, the exact same situation as you contracting with pharmacy staff. Staffing agencies would also fall under this situation.
Some sites sell BAA templates, but this is not necessary, which is why I don't have a template for sale on this site. Instead, download a free template straight from The Department of Health and Human Services. Take it, modify it for your needs, and be sure all your contracted vendors have them.
Comentários