Accreditation APA ONLINE HOME HOME SITE MAP CONTACT
EDUCATION HOMEPAGE
ACCREDITATION HOMEPAGE
ABOUT ACCREDITATION
Commission on
  Accreditation
FAQs
Charges and Fees
Important Dates
ACCREDITED PROGRAMS
  Doctoral
Internship & Postdoctoral
POLICIES AND PROCEDURES
  Guidelines & Principles
  (G&P) (PDF)
Accreditation Operating
  Procedures (PDF, 344K)
Implementing Regulations
  (PDF, 470K)
SITE VISIT INFORMATION
  Review Schedules
Site Visitor Information
RESEARCH

Business Associate Agreement


Background:

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed into law in order to improve efficiency of the health care system and protect the security of patient information and data.  The Privacy Rule of HIPAA ("Privacy Rule"), which became effective April 2003, governs the use and disclosure of individually identifiable patient/client health information of many programs accredited by the Commission on Accreditation ("CoA") if such information has not been de-identified (redacted) in accordance with specific, strict provisions of the Privacy Rule. The Privacy Rule requires that programs that are "Covered Entities" under HIPAA have agreements with their "Business Associates" as a means of obtaining satisfactory assurance that the Business Associate will appropriately safeguard such protected health information ("Business Associate Agreement(s)").  Accreditors such as CoA are considered a Business Associate if they receive Protected Health Information from a Covered Entity that has not been de-identified.   The Privacy Rule sets forth many required provisions of the Business Associate Agreement. 

Implementation by the Commission on Accreditation:

The HIPAA regulations recognize the necessity of access by accreditation bodies to individually identifiable health information.  CoA has considered the implications of the Privacy Rule for its accreditation functions and has determined that each site visitor will be required to sign a Site Visitor Confidentiality Agreement prior to each site visit.  CoA is not requiring a Business Associate Agreement from all programs.  However, some programs may wish to have CoA sign a Business Associate Agreement prior to a site visit.  Because the issues concerning confidentiality and access to Protected Health Information during the CoA accreditation process are similar for all programs that are "Covered Entities" under the Privacy Rule, CoA has developed its own version of the Business Associate Agreement for such purpose.  The use of this version of the Business Associate Agreement .pdf [29kb] (Requires Adobe Acrobat  acro free download) will reduce the complexity, paperwork, and administration costs of implementing the Privacy Rule in the accreditation context.  The CoA agreement was drafted to include the requirements for a Business Associate Agreement contained in the Privacy Rule and is very similar to the Business Associate Agreements being used by other accrediting bodies.

To Obtain a Business Associate Agreement With CoA:

A copy of the CoA's version of the Business Associate Agreement is available by clicking on the icon below.  To obtain a signed Business Associate Agreement with CoA, please contact the APA Office of Program Consultation and Accreditation at (202) 336-5979 or by email. You may also print a copy of CoA's Business Associate Agreement, complete the missing information, and send a signed copy to the APA Office of Program Consultation and Accreditation, American Psychological Association, 750 First Street NE, Washington, DC 20002-4242.

[Business Associate Agreement .pdf [29kb] (Requires Adobe Acrobat  acro free download)]

Updated 07.15.08

 
© 2008 American Psychological Association
Office of Program Consultation and Accreditation
750 First Street, NE • Washington, DC • 20002-4242
Phone: 202-336-5979 • TDD/TTY: 202-336-6123
Fax: 202-336-5978 • Email
PsychNET® | Terms of Use | Privacy Policy | Security | Advertise with us