Sample Business Associate Agreement
In establishing the rule of application, HIPAA defined the rules under which the companies and business partners concerned must comply with the Health and Human Services Department in each HIPAA Injury Investigation, in addition to the consequences and penalties for HIPAA violations.
2.10 Management and administration. Business Associate undertakes to use or disclose PHI received as a counterpart for its own activities by Covered Entity only if: (a) the use relates to the proper management and administration of Business Associate, or exercises the legal responsibilities of the counterparty, or provides data aggregation services related to the medical operations of the covered entity; or (b) the disclosure of information received as such is related to Business Associate's provision of services specified in a service contract, and such disclosure is required by law, or Business Associate receives from the person to whom the information is disclosed the assurance that it will be treated confidentially, and the person also undertakes to inform Business Associate of a security incident or violation.
A HIPAA Business Associate Agreement (BAA) is a written contract that sets out the responsibilities of both the company and the counterparty with respect to confidential and personally identifiable health information, and it differs legally from a confidentiality agreement. Counterparties who are notified of a security breach must immediately notify the registered entity so that it can begin the correct notification procedures.
[Option 1 – if the counterparty is to return or destroy all protected health information after the termination of the contract]
[Option 2 – where the agreement authorizes the counterparty to use or disclose protected health information for its own management and administration, or to exercise its legal obligations, and the counterparty must retain protected health information for such purposes after the termination of the contract]
After the end of this agreement for any reason, Business Associate shall return to covered companies [or, if agreed by covered companies, destroy] any protected health information received from covered companies, or created, maintained, or received by trading partners on behalf of the covered entity, that the counterparty still manages in any form. The counterparty must not keep copies of the protected health information.
This form applies only to the agreement between a counterparty and an insured company. Counterparties must enter into separate BAAs with their subcontractors. A lawyer may modify this form to meet the subcontractor's BAA requirements or design a separate subcontractor BAA.