It’s becoming accepted in our industry, even though we have no need to access PHI, the healthcare market is demanding that hosting and managed service providers sign a Business Associates Agreement.
We are a BA because the statue defines us as one. It is our attorney’s belief that we can make the case that we are not one because we do not, in the normal course of operation, need any access to PHI to perform any of our contracted work.
So, we’re a BA to a CE. For example, a client of ours is a hospital, so they are a CE. They are required to have a specific agreement with us called a Business Associates Agreement (BAA) because we possibly have access or affect the availability of the PHI on their servers in our data center.