UCLBS News

December 20, 2020

What Needs To Be In A Business Associate Agreement

Filed under: Uncategorized — Administrator @ 9:06 pm

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) stipulates that covered companies must enter into contracts with their trading partners to ensure that counterparties properly protect protect protected health information (“PHI”). Counterparties who mandate contractors for certain functions related to the PHI are also required to enter into co-partner contracts with their subcontractors. This article provides an overview of the rules for counterparty agreements. There are a few exceptions to the requirement to sign a counterparty agreement. These include specialists to whom a hospital refers a patient and transmits the patient`s medical card for treatment, laboratories to which a physician discloses a patient`s PPH for treatment, and the disclosure of PHI to a health plan sponsor, such as an employer, through a collective health plan. Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we offer to our customers: the contract must describe the authorized and necessary use of health information protected by the business partner; provide that the counterparty will not continue to use or disclose protected health information unless the contract is authorized or required or required by law; require the counterparty to adopt appropriate safeguards to prevent the misuse or disclosure of protected health information that is not provided for by contract. Covered companies may be fined for not entering into a HIPAA counterparty agreement or for entering into an incomplete agreement – while HITECH 78 FR 5574 AAS are required to comply with the HIPAA safety rule, even if no HIPAA counterparty agreement is reached. HHS can monitor AABs and subcontractors to verify HIPAA compliance, not just covered companies. This means that organizations must have a Trade Association Agreement (BAA) for all three levels in order to meet HIPAA requirements. It is in your best interest to have an agreement, as all three classifications are responsible for the protection of the PHI. Each party in the chain is legally and contractually obligated to protect the PHI and manage it to the same extent as the obligations of the company covered at the top of the chain.

Therefore. B, if a covered company is a hospital and that hospital has a 24-hour injury report, each link (or business partner) of that chain must also report the injury report 24 hours a day in its BAAs. Not all doctors need a BAA. The easiest way to say is if you are a so-called “covered” entity and if you are subject to HIPAA rules. Ask yourself these two questions: Therefore, whenever an insured company or counterparty enters into a contract with another party to provide services involving the exchange of PHI, the parties should carefully analyze the agreement to determine whether a counterparty agreement is required.

TrackBack URI

Theme: Rubric. Get a free blog at WordPress.com