December 10, 2020
HIPAA Business Associate Agreement Subcontractor
Unlike most contracts, a HIPAA business associate agreement does not necessarily exempt a covered entity from financial penalties for violations of the PHI. When a covered entity does not receive "satisfactory assurance" that a BA complies with HIPAA prior to the conclusion of the contract and a subsequent violation of the PHI occurs, the covered entity may be considered responsible for the violation. [The parties may add additional provisions with respect to the business associate's obligations to report a breach, such as, for example, a stricter period for the business associate to report a possible breach to the covered entity, and/or whether the business associate will handle breach notifications to individuals, the HHS Office for Civil Rights (OCR) and possibly the media on behalf of the covered entity.] Each party in the chain is legally and contractually obligated to protect the PHI and manage it to the same extent as the obligations of the covered entity at the top of the chain. For example, if a covered entity is a hospital and that hospital has a 24-hour breach reporting requirement, each link (or business associate) in that chain must also include the 24-hour breach reporting requirement in its BAAs.
(a) Business associates may not use or disclose protected health information that
A HIPAA business associate agreement is a contract between an entity covered by HIPAA and a vendor used by that entity. An entity covered by HIPAA is usually a health care provider, health plan or health care clearinghouse that conducts transactions electronically. A vendor of a HIPAA covered entity that must receive Protected Health Information (PHI) to perform tasks on behalf of the covered entity is designated as a business associate (BA) under HIPAA. A vendor is also classified as a BA when, as part of the services provided, electronic PHI (ePHI) passes through its systems.
A signed HIPAA business associate agreement must be obtained by the covered entity before a business associate can come into contact with PHI or ePHI. Covered entities may be fined for not entering into a HIPAA business associate agreement or for entering into an incomplete agreement, while under HITECH (78 FR 5574) business associates are required to comply with the HIPAA Security Rule even if no HIPAA business associate agreement is in place.