If one of your business associates commits a HIPPA breach with your patients’ data, you could be on the hook for penalties or at least public embarrassment. That’s why it’s important to keep track of BAs, which must also maintain appropriate privacy practices. The HHS Office for Civil Rights understands agencies’ concerns, and offers a sample template to help you keep track of your BAs. “Covered entities should provide the requested information to the best of their knowledge and include the name and types of services provided by each business associate,” HHS OCR says on its website. “Covered entities responding to the request should identify each element for each business associate.” The elements listed on the template include the BA’s name, the type of service they provide, two points of contact (as well as their titles, addresses, fax and phone numbers, and emails), and the BA’s web URL. To see HHS’s template so you can design your own BA tracker around it, go to www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/batemplate/index.html.