A HIPAA business associate agreement (BAA) is a contract between a HIPAA covered entity and a vendor used by that entity. A covered entity is usually a health care provider, health plan or health care clearinghouse that conducts transactions electronically. A vendor of a covered entity that must receive Protected Health Information (PHI) to perform tasks on behalf of the covered entity is designated as a business associate (BA) under HIPAA. A vendor is also classified as a BA when, as part of the services provided, electronic PHI (ePHI) passes through its systems. The covered entity must obtain a signed HIPAA business associate agreement before a business associate can access PHI or ePHI. The Business Associate Agreement is required by HIPAA before a medical office ("covered entity") grants a third party ("business associate") access to protected health information (PHI). It outlines the rules under which personal medical records can be transmitted in accordance with federal law. Once authorized, the business associate is responsible for protecting all protected health information shared with it, with specific instructions to follow in the event of a security breach. The business associate is strictly forbidden to sell the health information or to use it in prohibited ways.
A health lawyer can confirm whether the relevant organization is a "business associate" under 45 CFR 160.103. For example, companies that are only conduits for PHI are generally not considered business associates. However, data storage providers that manage PHI and hold the encryption key are generally considered business associates. BAAs both satisfy HIPAA rules and create a relationship of responsibility between the two parties. If one party violates a BAA and discloses PHI, the other party has legal standing. If a BAA is missing or incomplete, or if the agreement is ruthlessly violated, both parties may find themselves in the crosshairs of the Department of Health and Human Services, the Office for Civil Rights and perhaps even the Department of Justice.
(f) [optional] Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that the disclosure is required by law, or that Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and will be further disclosed only as required by law or for the purposes for which it was disclosed to the person, and that the person notifies Business Associate of any case in which the confidentiality of the information has been breached.
2.2 Safety precautions.
Business Associate is committed to implementing appropriate administrative, physical and technical security measures (a) to prevent the use or disclosure of PHI; and (b) to adequately protect the confidentiality, integrity and availability of the ePHI that Business Associate creates, receives, maintains or transmits on behalf of the covered entity. These security measures include a written information security policy, a security incident response plan, regular security awareness training and confidentiality/non-disclosure agreements with independent subcontractors and consultants to whom Business Associate has delegated tasks under this Agreement.