When Do You Need A HIPAA Business Associate Agreement

However, if the covered entity has performed its due diligence before entering into an agreement, these situations are rare. Assuming that the covered entity is diligent, it is unlikely that the covered entity will be held responsible if a supplier violates the BAA and in any way violates HIPAA. If the supplier signs the document, it assumes responsibility for safeguarding the PHI.

2. Explain the liability limits of the covered entity. Some covered entities or business associates insist that business associate agreements be entered into because they mistakenly believe that they are held responsible for HIPAA violations committed by the contractor. HIPAA specifies that covered entities or business associates are only responsible for the activities of their business associates or subcontractors if the business associate or subcontractor acts as the agent of the covered entity, i.e. the covered entity has the right to control the activities of the business associate or subcontractor. (45 CFR 160.402(c); 78 FR 5581). The parties can avoid such liability by ensuring that any contract between them clearly identifies the business associate or subcontractor as an independent contractor and not as an agent, and that the covered entity does not control the activities of the business associate or subcontractor. (78 FR 5581). For this reason, an overly restrictive business associate agreement may actually work against the covered entity, since it may suggest an agency relationship or give the covered entity greater control over the contractor's activities.

HHS can monitor business associates and subcontractors, not just covered entities, to verify HIPAA compliance. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet HIPAA requirements. It is in your best interest to have an agreement, as all three classifications are responsible for the protection of the PHI.

5. If the business associate uses subcontractors or other entities to provide services to the covered entity in which PHI is involved, enter into business associate agreements with the subcontractors. (45 CFR 164.314(a) and 164.504(e)). Business associate agreements set out the authorized and unauthorized uses of PHI between two HIPAA organizations. The contract should require the business associate to implement appropriate administrative, technical and physical safeguards, in accordance with the Security Rule, to ensure the confidentiality, integrity and availability of ePHI. Contracts can also be written to describe in detail the relationship between a covered entity and a business associate, as well as the relationship between two business associates.

8.