
{"id":1743,"date":"2012-01-23T00:00:00","date_gmt":"2012-01-23T00:00:00","guid":{"rendered":"http:\/\/otava.test\/five-questions-to-ask-your-business-associates-1-breach-notification\/"},"modified":"2012-01-23T00:00:00","modified_gmt":"2012-01-23T00:00:00","slug":"five-questions-to-ask-your-business-associates-1-breach-notification","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/","title":{"rendered":"Five Questions to Ask Your Business Associates: #1 Breach Notification"},"content":{"rendered":"<p>How does your BAA (Business Associate Agreement) address breach notification to your clients? We&#8217;re asking ourselves tough questions about HIPAA compliance, and our responsibilities as a trusted Business Associate and hosting partner.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"1_What_timeframe_does_your_BAA_promise_clients_for_PHI_breach_notification\"><\/span><strong>#1 What timeframe does your BAA promise clients for PHI breach notification?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>As a data center hosting partner to hospitals, physician groups, and health IT companies, we want to be a trusted Business Associate. We consulted experienced health care attorneys and HIPAA auditors to fully understand our responsibilities. Together we created a Business Associate Agreement (BAA) that reflects HHS requirements for timely breach notifications. 
We&#8217;ll share the exact language with you below.<\/p>\n<p><strong>Why preparing for PHI breach notification is critical for Business Associates<\/strong><br \/>\nSpeaking from our own experience, Online Tech serves the health care industry with\u00a0<a href=\"https:\/\/www.onlinetech.com\/colocation\/overview\">colocation<\/a>,\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/private-cloud\/\">managed servers<\/a>,\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/private-cloud\/\">private<\/a>\u00a0and\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/\">managed clouds<\/a>, and\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/disaster-recovery-as-a-service\">disaster recovery<\/a>. A lot of PHI flows through our networks and resides in our servers, clouds, and storage.\u00a062% of the breached records reported to HHS, or 4.4 million,\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/business-associates-why-invest-in-a-hipaa-audit\/\">involved a Business Associate<\/a>. The\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/prevent-increasing-costs-of-a-data-breach-invest-in-hipaa-hosting\/\">costs of a PHI breach<\/a>\u00a0to patients, Business Associates, and Covered Entities are high, with HHS penalties and lawsuit damages of $1000 per breached patient record.<\/p>\n<p>Anything short of 100% HIPAA compliance puts any Business Associate, their clients, and their patients at undue risk. 
We weren&#8217;t comfortable assessing our own state of HIPAA compliance, so we invested in the expertise of independent health IT security specialists, auditors, and attorneys.<\/p>\n<p><strong>What timeframe does Online Tech&#8217;s BAA promise for PHI breach notification?<\/strong><br \/>\nHHS requires\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/ocr-audit-requirements-following-a-self-reported-hipaa-breach\/\">extensive documentation<\/a>\u00a0within 10 days of a PHI breach &#8212; documentation that must be prepared well in advance.\u00a0Online Tech&#8217;s preparation included an independent risk assessment, remediation, and complete HIPAA audit of all 54 HITECH citations across our company policies, procedures, facilities, and HIPAA security training by Certified HIPAA Security Specialist Joe Dylewski, president of ATMP Solutions. Our BAA was prepared in accordance with HITECH requirements with the help of experienced health care attorneys\u00a0Brian Balow and Tatiana Melnik from Dickinson Wright.<br \/>\n<strong><a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/five-questions-to-ask-your-business-associates\/question-1-breach-notification\/baa-breach-notification-clause\">Click here for Online Tech&#8217;s BAA Breach Notification Timeframe Clause<\/a><\/strong>.<\/p>\n<p>Next week, we&#8217;ll discuss preparing for an independent HIPAA audit and the end deliverables.<\/p>\n<p><strong>Related resources:<\/strong><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/five-questions-to-ask-your-business-associates\/question-1-breach-notification\/baa-breach-notification-clause\">BAA Breach Notification Clause<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/ocr-audit-requirements-following-a-self-reported-hipaa-breach\/\">OCR Audit Requirements Following a Self-Reported HIPAA Breach<\/a><br \/>\n<a 
href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/who-needs-to-be-hipaa-compliant\">Who Needs to be HIPAA Compliant?\u00a0<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/hipaa-resources-policies-procedures-and-training-materials\">HIPAA Resources: Policies, Procedures &amp; Training Materials<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/\/events\/hipaa-a-hitech-a-baas-and-the-law-concerns-and-best-practices\">HIPAA, HITECH, BAAs and the Law: Concerns &amp; Best Practices<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/what%e2%80%99s-in-a-business-associate-agreement\/\">What&#8217;s in a Business Associate Agreement?<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/hipaa-compliant-it-security-and-best-practices\/\">HIPAA Compliant IT Security and Best Practices<\/a><\/p>\n<p>For more information on\u00a0<a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA Compliant hosting<\/a>, contact us at 877.740.5028 or\u00a0<a href=\"mailto:himss@onlinetech.com\">himss@onlinetech.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How does your BAA (Business Associate Agreement) address breach notification to your clients? We&#8217;re asking ourselves tough questions about HIPAA compliance, and our responsibilities as a trusted Business Associate and hosting partner. #1 What timeframe does your BAA promise clients for PHI breach notification? As a data center hosting partner to hospitals, physician groups, and health IT companies, we want to be a trusted Business Associate. We consulted experienced health care attorneys and HIPAA auditors to fully understand our responsibilities. Together we created a Business Associate Agreement (BAA) that reflects HHS requirements for timely breach notifications. We&#8217;ll share the exact language with you below. 
Why preparing for PHI breach notification is critical for Business Associates Speaking from our own experience, Online Tech serves the health care industry with\u00a0colocation,\u00a0managed servers,\u00a0private\u00a0and\u00a0managed clouds, and\u00a0disaster recovery. A lot of PHI flows through our networks and resides in our servers, clouds, and storage.\u00a062% of the breached records reported to HHS, or 4.4 million,\u00a0involved a Business Associate. The\u00a0costs of a PHI breach\u00a0to patients, Business Associates, and Covered Entities are high with HHS penalties, and lawsuit damages of $1000 per breached patient record. Anything short of 100% HIPAA compliance puts any Business Associate, their clients, and their&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1743","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Five Questions to Ask Your Business Associates: #1 Breach Notification | OTAVA<\/title>\n<meta name=\"description\" content=\"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI breach?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Five Questions to Ask Your 
Business Associates: #1 Breach Notification\" \/>\n<meta property=\"og:description\" content=\"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI breach?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-23T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Five Questions to Ask Your Business Associates: #1 Breach 
Notification\",\"datePublished\":\"2012-01-23T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\"},\"wordCount\":432,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\",\"url\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\",\"name\":\"Five Questions to Ask Your Business Associates: #1 Breach Notification | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-01-23T00:00:00+00:00\",\"description\":\"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI breach?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Five Questions to Ask Your Business Associates: #1 Breach 
Notification\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Five Questions to Ask Your Business Associates: #1 Breach Notification | OTAVA","description":"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI breach?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/","og_locale":"en_US","og_type":"article","og_title":"Five Questions to Ask Your Business Associates: #1 Breach Notification","og_description":"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI breach?","og_url":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/","og_site_name":"OTAVA","article_published_time":"2012-01-23T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Five Questions to Ask Your Business Associates: #1 Breach Notification","datePublished":"2012-01-23T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/"},"wordCount":432,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/","url":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/","name":"Five Questions to Ask Your Business Associates: #1 Breach Notification | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-01-23T00:00:00+00:00","description":"Here are five questions to ask your trusted Business Associates and hosting providers: #1 In what timeframe will your BAA alert clients of a PHI 
breach?","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associates-1-breach-notification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Five Questions to Ask Your Business Associates: #1 Breach Notification"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1743"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1743\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1743"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}