fbpx
Text Messaging in Research

Business Associate Agreements: Are You Texting Study Subjects Without A BAA?

By August 7, 2023 December 2nd, 2023 No Comments

When it comes to using text messaging in your research studies, we cannot overstress the importance of compliance. If you are communicating with study subjects through a software vendor, you need a business associate agreement.

Due to increased engagement among study participants, text messaging study subjects are now an increasingly common practice in research studies, but the manner in which these messages are transmitted is under scrutiny.

Is your research team sending text messages without a Business Associate Agreement (BAA)? While it might seem like a small oversight, the repercussions are significant.

Business Associate Agreements: What You Need To Know

Costs Associated With Having A Vendor Sign A BAA

There are both direct and indirect costs tied to getting a BAA in place. Direct costs often relate to legal expenses incurred during the drafting, review, and execution of the agreement. Indirect costs might be the time spent by your IT and legal teams in due diligence and the potential operational changes you might need to implement to comply with the BAA.

While some vendors will charge up to $20,000 per annum for the signing of a BAA and only allow organizations to sign their BAAs, vendors like Mosio will review and sign BAAs from organizations. We currently do this for our university cancer center research hospital clients. We are also happy to answer the organization’s IT and data security questionnaires.

Navigating The BAA Signing Process: Who Signs Whom?

It’s essential to understand whether the vendor will sign your organization’s BAA or if you’ll be required to sign theirs. While many organizations prefer using their own BAA due to familiarity with its terms, some vendors might insist on theirs. This can arise from the vendor’s desire to maintain consistency across clients or to ensure their terms are favorable. When you are partnering with software vendors for a research study, it’s crucial to understand and negotiate the signing of BAAs upfront to avoid surprises down the line.

Existing Agreements: Is There Already a BAA in Place?

Before you jump into a new agreement, check if your organization already has a BAA with a text messaging vendor like Mosio. Having a pre-existing BAA can significantly streamline the procurement process for researchers. An existing BAA likely means that the vendor has already undergone scrutiny and has met all the necessary IT security standards for compliance. As a result, you might bypass lengthy security reviews, enabling your research team to progress ahead with upcoming studies.

Vendor Transparency: Can Your IT Department Dive Deeper?

It’s incredibly important that software vendors are open to questions about their data handling, privacy, and security measures. In most cases, no issues will arise and transparent vendors will happily comply. Your IT department will need information on data, handling, privacy, and security measures to ensure compliance with institutional and regulatory standards. If a vendor is hesitant or unwilling to share information on their practices, it’s a major red flag.

Software Functionality: Is It Meeting Your Needs?

Even though compliance is non-negotiable, you shouldn’t forget about functionality. Does your chosen text messaging software solution only send alerts, or are you seeking more interactive capabilities like two-way messaging? Settling for limited functionality (with a vendor that will readily sign a BAA) may seem like a fast solution, but in the long run, it might force you to restart the BAA process with another vendor. It’s worth taking a step back as a research team and assessing your needs thoroughly. You can then choose a software vendor that aligns with both your compliance and functional requirements.

Getting Software Vendors To Sign BAAs: It’s More Than A Template

Sending text messages to study subjects without a BAA is a risky endeavor. While free or low-cost solutions might seem enticing, the potential legal and compliance repercussions are often severe. You should always prioritize getting a BAA in place and ensure you are partnering with a vendor that meets both your compliance standards and functional needs. The best software vendors will readily sign your BAA and answer any compliance questions you have, making the whole process seamless.