
Preparing Contractors for HIPAA Compliance

Employers are responsible for their contractors’ and temporary employees’ compliance with HIPAA.

Here are two examples. You’re a small medical practice whose head nurse goes out on maternity leave, and you hire your mother-in-law, an RN, as a temporary replacement until the head nurse comes back. You’re an insurance company that has hired a part-time agent to work one day a week from home.

Whatever the scenario, the full-time employees, contract employees or independent contractors these employers hire have access to client or patient Protected Health Information.

The question is, what procedures should you follow?

Employee Classification

Since 2013, the Common Agency Provision of HIPAA in the Omnibus ruling has stated that you are responsible for your employees’ compliance.

Is your employee a contractor working exclusively for your company, an individual with other clients, or someone hired through a business?

The HIPAA law does not require employers to train quasi-employees. However, companies are held responsible if one of these individuals breaches Protected Health Information.

Here is a recommendation:

If the employee is a contractor working exclusively for your company or a sole proprietor with other clients, you cannot expect the individual to generate Policies and Procedures for Privacy and Security as required of either a Business Associate or a Subcontractor BA. It is meaningless to ask them to sign a Business Associate Agreement or a Subcontractor Business Associate Agreement because they will not have the compliance infrastructure required by HIPAA.

Instead, ask them to sign a confidentiality agreement. We recommend including these essential items in your confidentiality agreement:

  • What information the agreement covers
  • Employees cannot modify or copy company information
  • Information must be returned upon request by the employer
  • Disciplinary action for persons responsible for a breach of confidential information

Regularly train your contractors on HIPAA law and on updates to your Privacy and Security Policies and Procedures. You should require them to follow your company’s Security Policies and Procedures for things like firewalls and virus protection.

Unfortunately, the employer is fully liable even if the independent contractor was malicious or criminal in creating the HIPAA breach. If the employee is provided through a company with infrastructure, that company will need to meet the compliance standards. Business Associates and Business Associate Subcontractors abide by the same rules and regulations.

Additionally, signing a BA Agreement or BAS Agreement with these companies is essential.

HIPAA Training for Contractors

Covered Entities, Business Associates, and Business Associate Subcontractors must train all employees, including temps and contractors. Also, subcontractors who hire employees have the same responsibility to train these people. The responsibility can extend down several layers.

It might be a pain, but before your contractor or temporary worker starts working, you must have either a signed Confidentiality Agreement, a BAA or a Subcontractor BAA in hand. This contractor must complete HIPAA training, too. Remember, if you don’t train all your workers, you open yourself up to potential breaches that can result in an HHS audit and potential fines.

Our HIPAA compliance services help ensure that your business follows the basic HIPAA rules and guidelines to protect sensitive patient information. Our team of experts is dedicated to providing affordable rates and personalized solutions to help you become HIPAA compliant. We understand that navigating the complex requirements of HIPAA can be challenging, which is why we offer a comprehensive range of services to meet your unique needs. From risk assessments to employee training, we have the tools and expertise necessary to help your business achieve and maintain HIPAA compliance. Contact us today to learn more about how we can help you protect your patients, your employees, and your business.
