Business Associate Agreement Requirement HIPAA requires insured companies to cooperate only with business partners that guarantee full protection of the PHI. These insurances must take the form of a contract or other agreement between the insured company and BA1.1 Some covered companies have chosen a “safer than sorry” approach to address their definitional problems and have entered into agreements with all companies with which they have business relationships, whether or not they have been obliged to do so. Recent studies funded by the California Healthcare Foundation have shown that many companies unnecessarily enter into agreements with other covered companies and also enter into agreements with suppliers who did not have access to the PHI and would probably never do so. In one case, a covered company asked its landscaper to sign a HIPAA business partnership agreement. To understand the HIPAA definition of a business partner, it is useful to first understand the definition of a HIPAA “covered business.” A “secure unit” is defined as part of HIPAA, including health plans, health clearing houses and some health care providers that electronically transmit health information related to certain hip-.B.C operations. What are the provisions to be included in a matching agreement? For healthcare professionals, here is a short piece of information from Julie L. Hamlet and Ray H. Littleton of our Heath Care Law Group on business associate agreements and the need to consult your lawyer to avoid the consequences. Failure to enter into HIPAA-compliant counterparty agreements if necessary can result in heavy penalties for covered companies and counterparties. [Option 2 – where the agreement authorizes the counterparty to use or disclose protected health information for its own management and administration, or to exercise its legal obligations, and the counterparty must retain protected health information for such purposes after the termination of the contract] Once companies, business partners and covered business partners have identified their relationship, it is important to ensure that third parties protect the POs they receive.

A signed agreement proves that the BA knows that they must manage THE PHI. A counterparty is a person or organization (with the exception of a staff member of the covered entity) that produces, receives, manages or transmits protected health information for a covered company. Examples of matching activities include claims processing and management, data analysis, processing or management, capacity utilization verification, quality assurance, patient safety activities, billing, benefit management, practice management and reassessment. In addition, counterparties are required to enter into counterparty agreements with a counterparty that creates, receives, manages or transmits protected health information on behalf of another counterparty. A subcontractor`s counterparty must meet the same requirements as those that apply to contracts or other agreements between a covered entity and a counterparty.

No Comments

Sorry, the comment form is closed at this time.