Business Associate Agreement Should Be Signed
- Posted on September 13, 2021
- by admin
There are many HIPAA business associate agreement templates, but care is needed before using one. Before using such a template, check for whom it was designed to make sure it is relevant. It should also be customized to include all requirements defined by the covered entity. Finally, non-compliance with the requirements of an agreement by a business associate or subcontractor can have a significant impact.

The contract must: describe the authorized and necessary use of protected health information by the business associate; provide that the business associate shall not use or disclose protected health information other than to the extent permitted or prescribed by law; and require the business associate to take appropriate security measures to prevent any misuse or disclosure of protected health information not provided for in the contract.

Here are seven brief pieces of information about HIPAA Business Associate Agreements (BAAs). At its simplest, a Business Associate Agreement (BAA) is a legal contract between a healthcare provider and a person or organization that obtains, transfers or stores protected health information (PHI) as part of its services. Whatever you prefer to call it, a business associate agreement is a critical component of a company's efforts to be HIPAA compliant. Below, we've gathered the basic components and definitions of a HIPAA business associate agreement template that you can browse. Remember that BAAs are legally binding agreements, so it's best to have a designated security officer, attorney, or HIPAA compliance solution to help you navigate these contracts.
What is a "business associate"? A business associate is any natural or legal person who performs certain functions or activities involving the use or disclosure of protected health information on behalf of a covered entity, or who provides services to that entity. A member of the covered entity's workforce is not a business associate. A covered health care provider, health plan or health care clearinghouse may be a business associate of another covered entity. The Privacy Rule lists certain functions or activities, as well as the respective services, that make a natural or legal person a business associate when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a natural or legal person a business associate include payment or health activities, as well as other functions or activities governed by the administrative simplification rules.

Contractors who work exclusively for your company, people with other customers, and employees hired through a company are not business associates. However, your company is liable if any of these people breaches PHI. Here are some examples of third-party providers that should provide you with a BAA when managing your customers' PHI:

Encrypting all ePHI stored or transferred by a business associate is important, but encryption alone is not enough to ensure HIPAA compliance. Physical security measures must also be implemented to ensure that the ePHI cannot be accessed by unauthorized persons. Administrative security measures must be taken as well, and written guidelines and procedures must be developed and maintained. . . .