OFFICE OF COMPLIANCE AND SECURITY
Business Associate Agreements
Covered Entities must have a Business Associate Agreement with their Business Associates that binds the Business Associate, among other things, to comply with Covered Entity’s privacy practices and to provide secure safeguards for any Protected Health Information (PHI) that it exchanges with the Covered Entity. The Covered Entity is subject to sanctions, but only if it has knowledge of the Business Associate’s wrongful activity and subsequently fails to initiate the required action to remedy any identified anticipatory or material breach. The termination of an agreement is required by a Covered Entity if the Business Associate cannot be relied upon to maintain the privacy of the PHI provided to it.
The following templates have been reviewed by the Commonwealth of Virginia’s Office of the Attorney General and meet the HIPAA Privacy Rule definitions set out by 45 CFR §§164.504 and 160.103. DMAS Policy requires that all DMAS Business Associates will be required to sign a completed agreement.
*** Note these documents are DMAS' templates which will be completed by DMAS ***
Privacy and Security Contacts at DMAS
Office of Compliance and Security HIPAA Inquiries on HIPAA privacy and security issues phone: 804-225-2860 Privacy Office Voice Mail Box. To report violations you can call the voice mail box and including your name, a brief description of the violation and your phone number and e-mail address where you would like to be contacted. If you are a provider please include your 7 digit provider number. You can also report a HIPAA violation by sending a written letter attention: Compliance and Security Officer, Department of Medical Assistance Services, 600 East Broad Street, Richmond, Virginia 23219.
To report a violation send the Privacy Office an e-mail including your name.
Other Contacts:
If you would like to ask the Office of Civil Rights (OCR) questions concerning HIPAA Privacy here are the contacts:
Toll Free: (866)-627-7748 www.hhs.gov/ocr/hipaa