AAAHC Business Associate Agreement

Under the HIPAA regulations, accreditation organizations are considered “business associates” of covered entities, i.e. surgery centers, physician office practices and other health care providers and plans. The regulation requires that covered entities have agreements with their business associates as a means of obtaining satisfactory assurance that the business associate will appropriately safeguard the personally identified health information.

The privacy regulation, that becomes effective on April 14, 2003, applies to all health care providers and plans that conduct certain common transactions electronically, likely including the vast majority of AAAHC-accredited organizations.

The regulation imposes the agreement requirement on the covered entity, not the business associate. The agreement is not necessarily required as a condition of accreditation.

We believe that the privacy issues raised by the accreditation process are similar for all types of accredited organizations. This single, customized agreement was drafted to reduce the cost and complexity of implementation for accredited organizations and AAAHC.

On January 21, 2003, AAAHC mailed the executed agreement to all of its accredited organizations, as well as organizations that have applied for an accreditation survey. The agreement has been incorporated into the application process for future applications and renewals.

The business associate agreement serves to protect the exchange of information between ambulatory health care organizations and AAAHC, assist organizations in meeting their HIPAA obligations and allow the accreditation process to continue with a minimum of disruption. AAAHC is committed to maintaining its long-standing policy of strict confidentiality and privacy of patient information that may be identified as part of accreditation.

Download a copy of the AAAHC Business Associate Agreement
(PDF - Requires Free Adobe Acrobat Reader)