When To Use A Business Associate Agreement


However, as a HIPAA organization, you know that most of your suppliers are also BAs. So we turn to your BA contract: the counterparty contract. To comply with HIPAA, a counterparty agreement must include a description of the uses and disclosures of PHI authorized and required by the counterparty. The counterparty agreement must also require, among other things, that the business partner:

What is a "business associate"? "Counterparty": a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered company, or that provides services to a covered business. An insured company staff member is not a business partner. A covered health care provider, health plan or health care clearinghouse may be a counterpart to another insured company. The data protection rule lists some of the functions or activities and related services that make an individual or organization a business partner when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that can make an individual or organization a counterpart include payment or health transactions, as well as other functions or activities governed by administrative simplification rules. (78 FR 5574).

These "reasonable assurances" can be obtained through a limited confidentiality agreement; a full-fledged counterparty agreement is not necessary. If you hire a subcontractor and the contractor comes into contact with PHI, you must execute a BAA between the two of you. The data protection rule stipulates that all counterparty contractors must consent to restrictions identical to those of the original counterparty. If you have questions about HIPAA requirements that apply to a business partner or would like help developing or revising a matching agreement, please contact us.

Find our contact details below. (FAQ OCR). Although classifying as a staff member would help contractors circumvent counterparty obligations, covered companies may refuse to classify contractors as staff, as this may indicate that the contractor is acting as an agent of the target company, exposing the covered company to additional liability for the contractor's actions. (See 45 CFR 160.402(c); 78 FR 5581.)

In the simplest case, a Business Associate Agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services, accesses, transmits or stores protected health information (PHI) for the provider. Whether you prefer to call it a Business Associate Agreement or, like HIPAA, a Business Associate Contract, both are an important part of an organization's efforts to be HIPAA compatible. Below, we've put together the basic components and definitions of a HIPAA business association agreement model that you can browse. Keep in mind that ACCORDS are legally binding agreements, so it's best to have a designated security officer, lawyer or HIPAA compliance solution that will help you navigate these contracts.

1. Explain the commitment limits of the counterparties discussed above. I hope that the covered entity will recognize that a counterparty agreement is not necessary and that it is prepared to renounce the agreement. (78 FR 5574). Although no counterparty agreement is required because an entity assists the counterparty in its own administrative or administrative functions, HIPAA limits the use or disclosure of PHI by the entity: the BAA also defines the services provided by the counterparty, the type of data with which it interacts, and deals with areas related to injury notifications (for example, calendar) and penalties.
