From award-winning HIPAA training to contracts and agreements, we can meet your requirements so that your business is protected. You will find two examples of HHS interpretations of what it means to handle PHI “on behalf” of an entity, used to determine whether a business associate relationship exists, on page 5572 of the final HIPAA Omnibus Rule and in the latest HHS guidelines on when developers of digital health applications can be business associates. Unlike most contracts, a HIPAA business associate agreement does not necessarily protect a covered entity from financial penalties for violations involving PHI. When a covered entity does not obtain assurance that a business associate is able to work within a HIPAA-compliant framework before entering into a contract, and the business associate then commits a violation involving PHI, the covered entity may be considered responsible for the violation. In the event of a violation of, or non-compliance with, a BAA by a business associate or subcontractor, the covered entity must take appropriate measures to remedy the breach or end the violation. “If such measures fail, they must terminate the contract or agreement,” HHS explains. “If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights.” 1 However, if the covered entity has performed its due diligence before concluding the contract, these situations are rare. Assuming that the covered entity is diligent, it is unlikely to be held at fault if a supplier violates the BAA and in any way violates HIPAA. If the business associate signs the document, it assumes responsibility for safeguarding the PHI. Business Associate Agreements (BAAs) are an essential part of any effective HIPAA compliance program.
But understanding what a good BAA should and shouldn't contain is not as intuitive as understanding that you need one. HIPAA requires covered entities to work only with business associates that provide assurances of full protection of PHI. These assurances must take the form of a contract or other agreement between the covered entity and the BA. 1 The BAA model provided here is a general one. Any effective use of such an agreement requires adaptation to the specific needs of the organization. Here are just a few more considerations an organization could weigh when developing a specific contract. In particular, when they provide services or technologies to a covered entity (for example, a hospital) or to another business associate as a subcontractor (for example, a PaaS provider such as Datica), business associates process, transfer or otherwise interact with the electronic protected health information (ePHI) of those organizations. Given this PHI access, all business associates must sign a Business Associate Agreement (BAA).
The BAA is a legal contract that describes how the business associate adheres to HIPAA, as well as the responsibilities and risks it assumes. The best thing you can do is consult your lawyer to find out exactly what your responsibility is when it comes to HIPAA. In the simplest case, a Business Associate Agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services, accesses, transmits or stores protected health information (PHI) for the provider. Whether you prefer to call it a Business Associate Agreement or, as HIPAA does, a Business Associate Contract, either way it is an important part of an organization's efforts to be HIPAA compliant. Below, we've put together the basic components and definitions of a model HIPAA business associate agreement that you can browse. Keep in mind that BAAs are legally binding agreements, so it's best to have a designated security officer, lawyer or HIPAA compliance solution to help you navigate these contracts.