Use the government’s template to create your own tracking system.
One of the HIPAA audit features that practices find most daunting is how they’ll keep track of their business associates (BAs), which must also maintain appropriate privacy practices. The HHS Office of Civil Rights (OCR) has heard practices’ concerns, and issued a sample template to help you keep track of your BAs.
“Covered entities should provide the requested information to the best of their knowledge and include the name and types of services provided by each business associate,” the OCR says on its website. “Covered entities responding to the request should identify each element for each business associate.”
The elements listed on the template include the BA’s name, the type of service they provide, two points of contact (as well as their titles, addresses, fax and phone numbers, and emails), and the BA’s web URL.
To read HHS’s template so you can design your own BA tracker around it, visit the HHS website at www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/batemplate/index.html.