When Is A Business Associate Agreement Needed

The most comprehensive source of information about HIPAA is the HHS website. However, since HHS cannot cover every possible relationship between a covered entity and a business associate, some of this information may be difficult to find and interpret. For advice on specific circumstances, it is recommended to seek professional HIPAA compliance assistance.

Covered entities may be fined for not entering into a HIPAA business associate agreement or for entering into an incomplete agreement, while under HITECH (78 FR 5574) BAs are required to comply with the HIPAA Security Rule even if no HIPAA business associate agreement is in place. A business associate's attention should also be drawn to the consequences of non-compliance with HIPAA requirements. Business associates may be sanctioned directly by the authorities that oversee HIPAA violations. Both the Office for Civil Rights of the Department of Health and Human Services and the attorneys general have the power to impose fines for violations of HIPAA rules.

[HIPAA] requires, for [any] disclosure that is not required by law, that the business associate obtain reasonable assurances from the person to whom the [PHI] is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and that the person notifies the business associate of any instances of which it is aware in which the confidentiality of the information has been breached. See 164.504(e)(4)(ii)(B).

The business associate agreement ensures a chain of custody for PHI. A vendor of a HIPAA covered entity must enter into a contract with the covered entity, and a subcontractor used by a business associate is also required to enter into a contract of this type. A subcontractor is a business associate of the business associate and is not covered by the BA/covered entity contract.

A separate contract must be signed before access to PHI is granted. The longer the chain and the further it extends from the covered entity that transmits the ePHI, the greater the potential for violations of the HIPAA business associate agreement. It's like a chain that follows the PHI from the first link, which is the covered entity. The next link would be the business associate, and all of its subcontractors (including their own business associates) would be the links after that. Think of subcontractors as business associates. The BAA follows the direct path of the chain. A covered entity is therefore not required to sign a BAA with the subcontractors of its business associates; the business associate is.

A HIPAA business associate agreement is a contract between a HIPAA covered entity and a vendor used by that entity. A HIPAA covered entity is usually a health care provider, health plan or health care clearinghouse that conducts transactions electronically.