The Health Insurance Portability and Accountability Act (HIPAA) requires that “covered entities” protect certain information, “protected health information, or PHI”.  Most COLA customers who have patient information are considered covered entities.  Covered entities need to enter into a Business Associate Agreement (BAA) with any vendor or entity that has access to their PHI.

Since the COLA accreditation program includes an onsite visit and review of records and documentation, COLA falls into the definition of a Business Associate.  It is therefore necessary that COLA accredited laboratories enter into a Business Associate Agreement with COLA.

COLA has a model BAA that includes the requirements known as “HITECH” issued by the Office of Civil Rights (OCR) in January, 2013.

COLA’s current model BAA can be found here.

Please sign it and send it, including your COLA identification number, or for multiple locations, all COLA numbers, to any of the following:

• Upload to your COLAcentral account
• FAX to 410-381-8611
• Mail to: COLA, ATTN: HIPAA Compliance, 9881 Broken Land Parkway, Suite 200, Columbia, MD 21046

If you prefer to you use your organization’s agreement please send it to upload it to Colacentral or fax 410-381-8611. Please note that selection of your BAA will require review, and as such, likely will take longer to take effect.