Business Associate Agreement Template

The BAA transfers the legal risk from the covered entity to the counterparty. A company that signs the BAA and is not a “counterparty” is still subject to contractual liability, restrictions on data publication, compliance fees with legislation and penalties for non-compliance – risks that can be discussed with a lawyer. Use our HIPAA counterparty agreement if your company has access to health information and wants a third party to process it. (f) [Optional] The counterparty may disclose protected health information for the proper management and management of the counterparty or to fulfil the counterparty`s legal obligations, provided that the disclosures are required by law or that the counterparty receives reasonable assurances from the person to whom the information is disclosed that the information remains confidential and that it is only used at that time or remain open shall be disclosed to the person for the purposes for which it was used and the person shall inform the counterparty of all cases of which he is aware and in which the confidentiality of the information has been breached. [ii] U.S. Department of Health & Human Services (HHS.gov, Health Information Privacy). Available under www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/ccdh/index.html In order to maintain HIPC compliance, all covered companies and counterparties must comply with PPTEA data protection standards as well as security and breach notification rules. [Option 1 – if the counterparty must return or destroy all protected health information at the end of the contract] Counterparties notified of a security breach must immediately inform the entity concerned so that they can initiate the appropriate notification procedures. In practice, business partners must train their staff in HIPAA rules. Documentation of these trainings can help prevent HIPC infringements and avoid allegations of intentional negligence. A lawyer can help design training modules and explain how to follow the end of training programs.

Please visit the U.S. Department of Health and Human Service website for more information on how HIPAA defines the companies and business partners covered. The security rule set out the security measures to be taken to protect PHI. For example, a comprehensive risk analysis of the security risks of the activities of a hedged enterprise and counterparty should be conducted before either party can manage and transfer IHP. Since 1996, the Health Insurance Portability and Accountability Act (PPTE) has required thousands of U.S. companies to enter into counterparty agreements. (h) to the extent that the counterparty must meet one or more of the obligations of the covered entity referred to in Sub-Part E of 45 CFR Part 164, to comply with the requirements of Subsection E that apply to the covered entity when performing that obligation or obligations; and a business partner, any person, agency or organization that receives protected health information to perform a service on behalf of a covered entity.. . . .

Comments are closed.