Business Associates Case Study


Scenario: Dr. Johnson was starting a new practice and had to hire an answering service. He called around and found one that had great pricing. He quickly signed the contract with them and then found out later during an audit that the answering service was not HIPAA compliant.

Question: What should Dr. Johnson have done differently to comply with HIPAA?

Dr. Johnson should have qualified the answering service up front, while he was still investigating it, to see whether it was HIPAA compliant. He is required by HIPAA to ensure that the answering service is compliant. This can be done by phone by asking a few questions, such as: Do you train your staff in HIPAA compliance? Do you have a HIPAA compliance officer? Do you have a compliance binder for HIPAA privacy and security?

He should then make the answering service legally responsible by having them sign a business associates contract.