HIPAA Compliance Agreement

HIPAA Business Associate Agreement

According to Federal HIPAA compliance regulations, a Business Associate Agreement (BAA) needs to be customized and agreed upon for any third-party work being done for a healthcare provider. The following agreement is based on IT services being provided to your organization, office, or business by Iowa City Technology Services.

With your digital signature below, in working with Iowa City Technology Services (ICTS), you acknowledge that every effort will be made by ICTS to meet or exceed HIPAA compliance requirements. As well, ICTS will abide by this agreement in providing compliance with HIPAA guidelines.

In an office that adequately meets HIPAA compliance requirements, patient records are physically and digitally secured, so most IT support can be provided without any access to patient data. Even so, ICTS will make an additional effort to completely avoid accessing, viewing, or handling patient data.

Even if your office is not fully HIPAA compliant (e.g. If patient data is readily accessible without password protection or patient files are left out on counters), ICTS would not unnecessarily touch, access, view, or handle any patient data.

In the event that ICTS were asked to perform work that required access to patient records, clinic data, or practice management systems, HIPAA guidelines would be adhered to. A comprehensive BAA sample is provided below as a guideline to indicate the scope of compliance adherence we would be guided by.

Our promise is to stringently follow best practices. However, due to the broad and varied vulnerabilities present in most offices and practice management systems, as well as access by other third parties, or undetected system compromises, ICTS shall not be held liable for any data loss or breach outside the scope of our control.

By typing your name below, as the business owner or authorized agent, your digital signature conveys that you have read the above agreement and accept its terms.

(Agreement Version: 20160324TH0840)

Click here for a revised version of this document, along with additional reading.