PayPal Business Associate Agreement: What It Is and Why You Need It

If you run a business that handles protected health information (PHI), you may be required to sign a Business Associate Agreement (BAA) with your payment processor, such as PayPal. This article will explain what a PayPal Business Associate Agreement is and why you need it.

What is a Business Associate Agreement?

A Business Associate Agreement (BAA) is a contract between a covered entity (such as a healthcare provider or health plan) and a business associate (such as a payment processor or IT service provider) that requires the business associate to protect the confidentiality, integrity, and availability of any PHI that it may receive or create on behalf of the covered entity. The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to enter into BAAs with their business associates to ensure compliance with the HIPAA Privacy and Security Rules.

What is Protected Health Information?

Protected Health Information (PHI) is any information that can be used to identify an individual and that relates to the individual's past, present, or future physical or mental health condition, the provision of healthcare services to the individual, or the payment for those healthcare services. Examples of PHI include medical records, medical bills, insurance information, and prescription information.

Why Do You Need a PayPal Business Associate Agreement?

If you are a covered entity (such as a healthcare provider or health plan) that uses PayPal to process payments containing PHI, you are required to sign a BAA with PayPal to ensure that PayPal protects the confidentiality, integrity, and availability of any PHI that it may receive or create on your behalf. The BAA will also require PayPal to report any security incidents or breaches that affect your PHI.

What Does a PayPal Business Associate Agreement Cover?

A PayPal Business Associate Agreement will typically cover the following:

– The permitted uses and disclosures of PHI by PayPal.

– The safeguards that PayPal will implement to protect the confidentiality, integrity, and availability of PHI.

– The reporting requirements for security incidents or breaches affecting PHI.

– The indemnification provisions for any privacy or security breaches caused by PayPal.

– The termination provisions for the BAA.

How Do You Sign a PayPal Business Associate Agreement?

To sign a PayPal Business Associate Agreement, you will need to contact PayPal and request a BAA. PayPal will typically provide a template BAA that you can review and modify as needed. Once you have agreed to the terms of the BAA, you will need to sign it and return it to PayPal for countersignature.

Conclusion

If you handle protected health information (PHI), it is important to ensure that your payment processor protects the confidentiality, integrity, and availability of that PHI. A PayPal Business Associate Agreement can help you meet your obligations under HIPAA and protect your patients' privacy and security. Contact PayPal today to request a BAA and ensure that your payment processing is HIPAA compliant.