3.7 Other counterparties. Covered Entity agrees to be solely responsible for ensuring that all contractual relationships it has with other business associates comply with the HIPAA privacy and security rules.

www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

A health care lawyer can confirm whether the entity in question is a “business associate” under 45 CFR 160.103. For example, companies that act only as conduits for PHI are generally not considered business associates. However, data storage providers that manage PHI and hold the encryption key are generally considered business associates. HIPAA allows business associates to obtain health information when such authority is granted within the BAA. This provision is an example of granting such powers. Most of the companies surveyed do not allow counterparties to use de-identified data for commercial purposes, or they wish to have access to searches with de-identified data. Consider discussing alternatives with a lawyer who can review the provision. HIPAA does not indicate which party should pay for notification of violations.
A covered entity may delegate payment liability to the counterparty. A lawyer can review the text of this provision in light of business practices. Business associates must also comply with other federal and regional data protection laws that are stricter than HIPAA. A lawyer can advise on existing laws and the compliance obligations that flow from them.

5.3 Effect of termination. Unless otherwise stated, the parties agree that upon termination of this BAA for any reason, Business Associate will return to Covered Entity or, if agreed by Covered Entity, destroy all PHI received from Covered Entity, or created, managed or received by Business Associate on behalf of Covered Entity. In the event that Business Associate reasonably believes that the return or destruction of the PHI is not possible, Business Associate will inform Covered Entity of the conditions that do not permit return or destruction. By mutual agreement between the parties, Business Associate may retain the PHI and will continue to apply all safeguards and restrictions contained in this BAA to its use and/or disclosure of the PHI, for as long as Business Associate holds such PHI.

Unlike most contracts, a HIPAA business associate agreement does not necessarily protect a covered entity from financial penalties for breaches of PHI. When a covered entity does not obtain assurance that a counterparty is able to work within a HIPAA-compliant framework before entering into a contract, and the counterparty then breaches PHI, the covered entity may be held responsible for the breach. BAAs both uphold HIPAA rules and create a relationship of responsibility between the two parties.