November 18, 2014
I have two HIPAA questions I am hoping you can answer for me:
Do employees of a medical practice need to sign a BAA?
If a patient comes in accompanied by an aide, friend or relative, does the patient need to add them to the list of people who can be privy to any PHI, specifically in this example to sit in on the exam and/or receive any PHI?
J, happy to answer.
No, employees of a medical practice are not required to sign a business associate agreement. Business associate agreements are for third parties not working under the practice's "control" which an employee implicitly is. However, an employee should be signing the practice's policies and procedures, including its employee handbook, which should discuss patient confidentiality, HIPAA obligations and employee responsibility (and liability for noncompliance!).
If a patient walks in with a third party and brings that person into the exam room with them, you may want to explicitly as the patient and make a notation in the chart that the person was there and the patient consented to their presence. If that does not happen, there is "implied consent" by the patient's actions. However, do not allow an aide's presence at a visit count for future authorization to discuss care or payment issues with this person. If this person is not authorized in writing by the patient as an authorized representative take the "implied consent" as only for that visit when the patient is present.
Looking for HIPAA and compliance forms?
Click here to visit our website.