Business Associate Agreements are Available from Atlantic.Net
The HIPAA Privacy Rule amendment in 2003 introduced a new administrative safeguard declaring that all covered entities must have a signed Business Associate Agreement (BAA) in place with all Business Associates (BA) and Covered Entities that manage, process or archive Protected Health Information (PHI).
As one of the leading HIPAA compliant hosting companies in the United States, Atlantic.Net (together with the healthcare partners who use our award-winning cloud platform) is directly impacted by this amendment. Atlantic.Net is a Business Associate of each healthcare organization for which we process, store, manage or otherwise handle PHI, and therefore we are legally obliged to sign a contract of service with each organization to guarantee our HIPAA compliant status.
A BAA is not necessarily a single standalone agreement; BAAs often include a combination of service level agreements, response times for incidents, and RTO and RPO guarantees for a disaster recovery solution.
Under a HIPAA BAA, there are two types of business associate relationships:
Subcontractors are vendors and third parties that provide Atlantic.Net with services for our day-to-day business operations. Any vendor Atlantic.Net engages with as part of our HIPAA compliant business offerings will sign the BAA if offering in-scope services; this task is managed by Atlantic.Net.
A HIPAA BAA creates a bond of liability, outlining the shared responsibilities of the Covered Entity and the Business Associate (in this case, Atlantic.Net). Atlantic.Net’s BAA offers assurances regarding our HIPAA and HITECH accreditations and details the guarantees we provide for each of the administrative, physical, and technical safeguards we implement to protect ePHI.
As a trusted business associate, we will:
According to the Health Insurance Portability and Accountability Act (HIPAA), there are two different types of organizations that must ensure compliance: covered entities and business associates. Atlantic.Net™ falls into the latter category, as a third-party entity contracted to handle ePHI (electronic protected health information).
In order to both comply with the law and assure our clients that we’re committed to keeping their information safe, we’ve drafted a HIPAA Business Associate Agreement, or BAA. BAAs are a type of HIPAA-compliant documentation that is critical to our relationship with healthcare firms and medical practitioners alike, as they firmly establish the legal parameters for our use of ePHI. The following three components are central to this contract:
In conjunction with our SOC 2 TYPE II and SOC 3 TYPE II certified data center, our BAA documentation shows that we’re committed to keeping the private healthcare information of our clients both safe and secure. Moreover, BAAs show that we’re willing to go beyond the minimum standards of compliance established in HIPAA. Healthcare organizations that choose us as a host have the peace of mind that can only come from knowing that they’re partnered with a veteran, and one that’s completely committed to their best interests.
For more information about our HIPAA Business Associate Agreement or to request a copy of our agreement, please contact us today!
Atlantic.Net has built one of the most popular HIPAA compliant hosting environments available, bringing together our 25 years of experience in the information technology sector. We know what is important to our healthcare partners and are delighted they explicitly trust us to handle their patients’ ePHI.
Want to know more about the technical safeguards of our HIPAA hosting solution? Check out our HIPAA hosting page.
A brief review of HIPAA and its primary components allows us to place the business associate agreement in context.
The vast majority of healthcare companies must abide by the parameters of the Health Insurance Portability and Accountability Act (HIPAA), an Act passed by the United States Congress in 1996 that safeguards American citizens’ health data. The data that falls under the auspices of the law – as governed by the Department of Health & Human Services (HHS) – is designated, collectively, as protected health information (PHI).
PHI is typically handled by covered entities. Organizations in that category include healthcare providers, healthcare plans, and healthcare clearinghouses. Examples of each type of HIPAA-compliant organization are as follows:
Any of the above organizations necessarily handle PHI as a central responsibility of their business. The Privacy Rule and Security Rule of HIPAA require covered entities to protect patient data from loss, theft, or any other misuse.
A covered entity can choose to work with a business associate, outsourcing certain aspects of operations to a trusted third party. In order to appropriately place responsibility into the hands of the external organization, both companies must agree to the terms of a BAA. By signing the agreement, the business associate agrees to safeguard PHI and to perform its obligations to the covered entity within the guidelines of HIPAA.
According to the HIPAA guidelines, a BAA must do the following (as discussed by healthcare video-conferencing company SecureVideo in a 2013 article):
This page was updated on February 8, 2021.
© 2021 Atlantic.Net, All Rights Reserved.