HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Author Archive

The facility I work at is a covered entity.

We continually receive requests to sign a business associate (BA) agreement from other covered entities we do routine business with.

Is there a statement or stated language in the HIPAA/HITECH that can be used to state to these covered entities that we do not need a BA agreement with the other covered entity because we are a covered entity?

It seems that BA documents are being used inappropriately, or as a “catch all, just in case” scenarios.  And, if these are being used like this, is it safer in being compliant to just go ahead and sign the BA even though it is not needed?

Sharon Hallberg