Business Associate Agreements, known as BAAs, are legally binding documents that describe how PHI is handled between the covered entity and the business associate, and who is liable in the event of a breach. This agreement is what can protect you and your business as a practitioner if a business associate is in violation. Today we will look at who business associates are, how they differ from a covered entity, who needs a BAA, and what happens if one is not in place.
Once covered entities and business associates have identified their relationship, it is important to ensure that third parties protect the PHI they receive. A signed agreement proves that the BA knows it must safeguard the PHI.
Business Associate Contracts. A covered entity's contract or other written agreement with its business associate contains the elements specified in 45 CFR 164.504(e). For example, the contract must: describe the permitted and required uses of protected health information by the business associate; provide that the business associate will not use or further disclose the protected health information other than as permitted by the contract or required by law; and require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information that is not provided for by the contract.
If a covered entity is aware of a material breach or violation by the business associate of the contract or agreement, the covered entity is required to take reasonable steps to cure the breach or end the violation and, if such steps are unsuccessful, to terminate the contract or agreement. If termination of the contract or agreement is not feasible, a covered entity is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
Please consult our sample business associate contract. What does this definition mean? If you hire a company or person, other than a W-2 staff member, who accesses, uses, distributes or processes PHI in their work, they are considered a business associate and must have a BAA. Examples include delivery companies, shredding companies, software or IT companies, accounting and billing companies, call centers and even 1099 employees.