Question: Does a business associate (BA) need to have a HIPAA Notice of Privacy Practices (NPP)?
Answer: BAs don’t necessarily need to have a HIPAA NPP, answers Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems, LLC in Charlotte, VT. But BAs may be responsible for participating in and maintaining an NPP if they are providing those kinds of front line services for their covered entity (CE).
Meaning: If the CE hires the BA to manage the front desk and/or sign up new patients or gather contact information, the BA may be responsible for managing that NPP and distributing the NPP to the patients, Sheldon-Dean says. But BAs wouldn’t have an NPP of their own for their own operations.