From award-winning HIPAA training to contracts and agreements, we can meet your requirements so that your business is protected. The definition of a business associate is quite simple. It is anyone with whom you enter into a contract and who will process your protected health information (PHI) for some reason. A striking example: in a famous HIPAA case, a clinic asked a supplier to convert its X-ray films into digital format and recover money from the films. They were unable to sign a BAA and were hit by the OCR with a payment order of $750,000. HHS can monitor BAs and subcontractors to verify HIPAA compliance, not just covered entities. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet HIPAA requirements. It is in your best interest to have an agreement, as all three classifications are responsible for the protection of PHI. As a general rule, the BAA also defines the services provided by the business associate and the nature of the data with which it interacts, and deals with the areas relating to breach notifications (for example, timelines) and sanctions. It became much more disturbing when, in 2013, the HITECH HIPAA Omnibus Rule expanded the previously simple definition of the business associate to include the so-called subcontractor. Subcontractors, such as a software developer or host, are typically service or technology organizations that provide additional services to business associates that provide services to covered entities.
A HIPAA Business Associate Agreement should not be a stand-alone contract. The language of a BAA can be incorporated into data security agreements, master service agreements or terms of service. HIPAA requires covered entities to work only with business associates that guarantee full protection of PHI. These assurances must take the form of a contract or other agreement between the covered entity and the BA. [1] If you hire a contractor and you process PHI that goes through your company first, you must sign a BAA with that contractor. Your business associates must then sign HIPAA contract forms with their own business associates. The quick rule to remember with business associates: before releasing PHI, you must have a BAA. A HIPAA Business Associate Agreement is the easiest way to protect your practice or organization in the event of a violation, which we will discuss in more detail below. Does a contractor have to comply with any provision of your BAA? The data protection rule seems to say so. The rule is that all counterparties accept restrictions identical to those of the counterparty.

www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

Below, you'll find examples of service providers that are sometimes business associates, depending on the underlying relationships, whether they access PHI and related features:

The HIPAA Privacy Rule describes the types of entities covered by HIPAA and the entities that must comply with HIPAA's security and data protection rules.