What should I do if my IT company is unwilling to sign our Business Associate Agreement (BAA)?

In most cases, the lack of a Business Associate Agreement is the first indication that your IT company may be overstating its capabilities and services.

We recommend a simple test to see whether they are, in fact, in compliance with HIPAA: have them complete our Business Associate Attestation Form _HIPAA Security_.pdf (located in EPICompliance Customer Console > Forms and Policies > HIPAA Security > PDF Forms).

This form will give you the assurances you need to determine whether they are following HIPAA regulations.

If this cannot be done, we recommend the following:
  1. Sign a HIPAA-compliant agreement, or
  2. Cancel the contract and look for another subcontractor.

Regardless of the decision, EPICompliance is here to support and assist you.
For questions or concerns, contact us via the following:
  • Chatbox/window on your Complete Compliance Suite screen.
  • Telephone: 877-560-4261
  • Email: support@epicompliance.com