Skip to main content

Q&A: Terminating a Business Associate Contract

Analysis  |  By Revenue Cycle Advisor  
   January 07, 2021

 Chris Apgar, president of Apgar & Associates, LLC, in Portland, Oregon, shares what to do after ending a contract with a business associate.

A version of this article was first published January 7, 2021, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?

A: It is a good idea to ask the BA for proof of return or destruction. This is not a lot different than requiring a certificate of destruction when you contract with a vendor to destroy media that was used to store PHI. Standard language needs to be included in the business associate agreement (BAA) that requires the return or destruction of PHI when the contract is terminated. It is also common to see what the expectations of the BA are if the BA is unable to return or destroy the PHI.

As far as what steps can be taken if the BA does not respond to requests to confirm deletion of PHI, there are a couple of options. If you have attempted to get the BA to respond several times with no luck, you can bring in counsel to demand a response and/or file a lawsuit against the BA, or you can file a complaint with the Office for Civil Rights (OCR). The OCR complaint would be around the BA not demonstrating adherence to the terms of your BAA and pointing out that the BA retaining PHI is a violation of the minimum necessary requirement.

Editor’s note: Chris Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.

Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.


Get the latest on healthcare leadership in your inbox.