The Health Insurance Portability and Accountability Act (HIPAA) requires that “covered entities” protect certain information, “protected health information, or PHI”. Most COLA customers who have patient information are considered covered entities. Covered entities need to enter into a Business Associate Agreement (BAA) with any vendor or entity that has access to their PHI.
Since the COLA accreditation program includes an onsite visit and review of records and documentation, COLA falls into the definition of a Business Associate. It is therefore necessary that COLA accredited laboratories enter into a Business Associate Agreement with COLA.
If your facility has its own BAA, please send it to COLA for signature. If your facility does not have its own BAA, COLA has a model BAA that includes the requirements known as “HITECH” issued by the Office of Civil Rights (OCR) in January, 2013.
COLA’s current model BAA can be found here.
Please send your HIPAA Business Associate Agreement, including your COLA identification number, or for multiple locations, all COLA numbers, to any of the following:
- Upload to your COLAcentral account
- FAX to 410-381-8611
- Mail to: COLA, ATTN: HIPAA Compliance, 9881 Broken Land Parkway, Suite 200, Columbia, MD 21046