Finally, failure to meet the requirements of an agreement by a partner/subcontractor could have a significant impact: from award-winning HIPAA training to contracts and agreements, we can meet your requirements so that you have protected your business. Covered companies may be fined for not entering into a HIPAA counterparty agreement or for entering into an incomplete agreement – while HITECH 78 FR 5574 AAS are required to comply with the HIPAA safety rule, even if no HIPAA counterparty agreement is reached. In the simplest case, a Business Associate Agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services, has access, transmits or stores protected health information (PHI) for the provider. Whether you prefer to call it business associate agreement or, like HIPAA, business Associate Contract, they are both ways an important part of an organization`s efforts to be HIPAA compatible. Below, we`ve put together the basic components and definitions of a HIPAA business association agreement model that you can browse. Keep in mind that ACCORDS are legally binding agreements, so it`s best to have a designated security officer, lawyer or HIPAA compliance solution that will help you navigate these contracts. While it is almost always necessary for a counterparty to sign an agreement with an insured company when an ePHI counterparty creates, receives, maintains or transmits on behalf of the insured company, if it does not offer covered service to the covered company (i.e. a landscaper), the business is not a consideration and no agreement is required. What is a business associate? “counterparty”: a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered company or that provide services to a covered business; An insured company staff member is not a business partner. A covered health care provider, health plan or health care clearinghouse may be a counterpart to another insured company.

The data protection rule lists some of the functions or activities and related services that make an individual or organization a business partner when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that can make an individual or organization a counterpart include payment or health transactions, as well as other functions or activities governed by administrative simplification rules.