21 Dec When Are Business Associate Agreements Required
A “business associate” is a person or organization (other than a member of the covered entity's workforce) that performs certain functions or activities on behalf of a covered entity, or provides certain services to it that involve access to PHI. A “business associate” also includes a subcontractor who creates, receives, manages or transfers PHI on behalf of another business associate. Business associates' functions and activities include: processing or managing receivables; data analysis, processing or management; checking usage; quality assurance; settlement of accounts; benefit management; practice management; and reassessment. The services provided by business associates may include: actuarial; accounting; the council; data aggregation; administration; medical, administrative transport; accreditation; and financial.
The contract should provide that the BA (or subcontractor) must take appropriate administrative, technical and physical security measures to ensure the confidentiality, integrity and availability of ePHI and meet the requirements of the HIPAA Security Rule. Some of these measures may be specified in the BAA or left to the BA's discretion. The BAA should also set out the authorized uses and disclosures of PHI to meet the requirements of the HIPAA Privacy Rule. If people who are not authorized to access PHI gain access to it, for example through an internal violation or a cyberattack, the business associate is required to inform the covered entity of the breach and may be required to send notifications to the persons whose PHI has been compromised. The timing and reporting responsibilities should be detailed in the agreement.
In particular, when they provide services or technologies to a covered entity (for example, a hospital) or to another business associate as a subcontractor (for example, a PaaS provider such as Datica), business associates process, transfer or otherwise interact with the electronic protected health information (ePHI) of these companies. Because of this access to PHI, all business associates must sign a Business Associate Agreement (BAA). The BAA is a legal contract that describes how the business associate adheres to HIPAA, as well as the responsibilities and risks it assumes.
For healthcare professionals, here is a short piece of information from Julie L. Hamlet and Ray H. Littleton of our Health Care Law Group on business associate agreements and the need to consult your lawyer to avoid the consequences. Failure to enter into HIPAA-compliant business associate agreements when they are required can result in heavy penalties for covered entities and business associates. The definition of a business associate is quite simple. According to the Department of Health and Human Services, a business associate is the most comprehensive source of information about HIPAA: the HHS website.
However, since HHS cannot cover every possible relationship between a covered entity and a business associate, some of this information may be difficult to track down and open to interpretation. For advice on specific circumstances, it is recommended to seek professional HIPAA compliance assistance. Business associate agreements consist of information on the authorized and unauthorized use of PHI between two HIPAA organizations.