The HIPAA Privacy Rule describes the types of entities covered by HIPAA and the entities that must comply with HIPAA data security and protection rules. The main categories are clearinghouses, covered entities (CEs) and business associates. The more the subcontractor receives from the covered entity, the more confusion there is as to who is actually a business associate and who must sign a business associate agreement.
In the simplest case, a Business Associate Agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services, accesses, transmits or stores protected health information (PHI) for the provider. Whether you prefer to call it a business associate agreement or, like HIPAA, a business associate contract, both are an important part of an organization's efforts to be HIPAA compliant. Below, we've put together the basic components and definitions of a HIPAA business associate agreement model that you can browse. Keep in mind that BAAs are legally binding agreements, so it's best to have a designated security officer, lawyer or HIPAA compliance solution to help you navigate these contracts.
2. Explain the liability limits of the covered entity. Some covered entities or business associates insist that business associate agreements be entered into because they mistakenly believe that they are held responsible for HIPAA violations committed by the contractor. HIPAA specifies that covered entities or business associates are only responsible for the activities of their business associates or subcontractors if the business associate or subcontractor acts as the agent of the covered entity, i.e. the covered entity has the right to control the activities of the business associate or subcontractor (45 CFR 160.402(c); 78 FR 5581). The parties can avoid this liability by ensuring that any contract between them clearly identifies the business associate or subcontractor as an independent contractor and not as an agent, and that the covered entity does not control the activities of the business associate or subcontractor (78 FR 5581). To this end, an excessively restrictive business associate agreement may effectively work against the covered entity, since it may suggest an agency relationship or give the covered entity greater control over the contractor's activities.
A HIPAA business associate agreement is a contract between a HIPAA covered entity and a vendor used by that entity. A HIPAA covered entity is usually a health care provider, health plan or health care clearinghouse that conducts transactions electronically. A vendor of a HIPAA covered entity that must receive protected health information (PHI) to perform tasks on behalf of the covered entity is designated as a business associate (BA) under HIPAA. A vendor is also classified as a BA when, as part of the services provided, electronic PHI (ePHI) passes through its systems. A signed HIPAA business associate agreement must be obtained by the covered entity before a business associate can come into contact with PHI or ePHI.
A business associate should also be made aware of the consequences of non-compliance with HIPAA requirements. Business associates may be directly sanctioned by the supervisory authorities for HIPAA violations. Both the Office for Civil Rights of the Department of Health and Human Services and the attorneys general have the power to impose fines for violations of HIPAA rules. Business associate agreements set out the authorized and unauthorized uses of PHI between two HIPAA organizations. The contract should require the business associate to implement appropriate administrative, technical and physical safeguards, in accordance with the Security Rule, to ensure the confidentiality, integrity and availability of ePHI.