Printer Friendly, PDF & Email

Follow the money ... to your business associates

Tiffany Holman ( is the Director of Privacy at AdventHealth in Orlando, FL.

Are we still discussing business associate agreements (BAAs) after all this time? Yes, and privacy professionals continue to have questions and confront challenges. Here are a few questions that linger for privacy professionals:

  • Does our organization have compliant BAAs in place for all vendors?

  • Who are our vendors, and how do I obtain a list to identify them?

  • Is our leadership/staff trained to know how to properly obtain a BAA from a vendor?

  • If a staff member obtains a signed BAA, is there a procedure in place to submit the BAA to the privacy officer?

We are slowly moving away from denial that a BAA is needed altogether toward understanding that BAAs are needed, and privacy professionals must continuously monitor vendors as part of an effective compliance and privacy program. Let’s start from the beginning to understand the evolution of BAAs.

This document is only available to members. Please log in or become a member.