Are BAAs Just Impossible to Get?

BAA“Are BAAs just impossible to get?”

It’s amazing how often this question comes up! To begin, let’s make sure we all understand the basics about BAAs.

The Business Associate Agreement is a legal agreement that says, essentially, that whomever you allow to access PHI promises to treat it appropriately and keep it secure and private. Therapists, as covered entities, should have a signed Business Associate Agreement in place before permitting any 3rd party to have access to client PHI. Therapists often find they need BAAs with people/entities like billers, cloud storage providers, email providers, or practice management system providers.

Free service providers don’t generally offer BAAs.


For therapists who are just beginning their HIPAA compliance work, however, obtaining a BAA can seem an insurmountable obstacle because they are using services like free Gmail, Skype or Dropbox. Free service providers don’t generally offer BAAs, likely because the hoop-jumping required to get their organization HIPAA compliant is cost-prohibitive.

So when a therapist learns about HIPAA compliance and goes in search of the proper forms to file away, it can seem impossible to obtain BAAs—because the particular services being used don’t offer BAAs. But BAAs aren’t impossible to get–the solution, for better or worse, is fairly easily obtained by spending a little money. There are numerous businesses developing these days to help providers with their HIPAA compliance–organizations that understand HIPAA and what’s required to keep PHI safe and secure. These organizations will sign a BAA–but they just won’t be free.

If a therapist has been running a very low-overhead practice, with very little regular expenses, it is bad news indeed to learn that the services they’ve been using to run their practice may be an obstacle to their HIPAA compliance, and that the ‘fix’ will probably involve spending money. I am empathetic to that, having gone through my own version of this painful transition not that long ago. The good news, though, is that–while not free, there are relatively inexpensive solutions.

I’ll save the details about various solutions for a future post (but members can get it in the resource section now!), and close for today simply saying—no, BAAs aren’t impossible when we go looking in the right place for them. Good luck with your search!