6. Companies that perform administrative or administrative functions for business partners. Covered companies may authorize counterparties to use PHI for their own management and management or legal responsibilities of the counterparty. (45 CFR 164.504 (e) (4)). If this is the case, A BAA is a signed document that confirms the willingness of a third-party supplier to take responsibility for the safety of your customers`PHI, to respect the appropriate guarantees and to meet hipaa requirements when they treat PHI on your behalf. Once companies, business partners and covered business partners have identified their relationship, it is important to ensure that third parties protect the POs they receive. A signed agreement proves that the BA knows that they must manage THE PHI. Here are seven quick facts about HIPAA Business Association (BAAs) agreements. For these types of employees who are not business partners, Total HIPAA recommends that if the “collaborator” is a contractor who works exclusively for your company or an individual contractor with other customers, you cannot expect the person to generate privacy and security policies and procedures such as a BA or ARS. There is no need to ask them to sign a BAA or a BAA subcontractor because they do not have the compliance infrastructure required by HIPAA. Avoid unnecessary counterparty agreements. Unfortunately, many covered companies or counterparties seek matching agreements out of ignorance or precaution, even if these agreements are not technically necessary. Entities should avoid the execution of unnecessary counterparty agreements.
they submit to contractual commitments that they would not have, but to the agreement, including compliance costs, which do not otherwise apply; Restrictions on the use of disclosure; and damage in case of non-compliance. In addition, by implementing unnecessary counterparty agreements, the entity may improperly admit that it is a trading partner and thus expose itself to HIPAA penalties for non-compliance. To avoid such situations, companies that are invited to implement unnecessary counterparty agreements may consider reacting as follows: However, if the covered entity has performed its due diligence before an agreement is reached, these situations are rare.