Why Is It Important To Have A Business Associate Agreement

Posted in Uncategorized by Hemant Naidu on April 15, 2021

A business associate should also be made aware of the consequences of non-compliance with HIPAA requirements. Business associates can be sanctioned directly by the authorities that enforce HIPAA. Unlike most contracts, a HIPAA business associate agreement does not necessarily protect a covered entity from financial penalties for violations involving PHI. If a covered entity does not obtain assurance, before entering into a contract, that a business associate is able to work within a HIPAA-compliant framework, and the business associate then breaches PHI, the covered entity may be held responsible for the violation. While the HIPAA Privacy Rule describes how PHI may be used and disclosed, the HIPAA Security Rule outlines the security measures that must be put in place to protect PHI. In other words, the HIPAA Privacy Rule requires business associate agreements to be entered into, and the HIPAA Security Rule describes how the business associate will implement “administrative, physical and technical security measures that adequately preserve, maintain or protect the confidentiality, integrity and availability of PHI it creates on behalf of the covered entity.” If you hire a subcontractor and the subcontractor comes into contact with PHI, you must execute a BAA between the two of you. The Privacy Rule stipulates that all subcontractors of a business associate must agree to restrictions identical to those of the original business associate. HIPAA requires covered entities to work only with business associates that guarantee full protection of PHI. These assurances must take the form of a contract or other agreement between the covered entity and the BA.

It can be confusing for those in the health sector to determine when a business associate agreement (“BAA”) is required under the Health Insurance Portability and Accountability Act (“HIPAA”). Even with this determination made, it can be difficult to decide what should be included in such an agreement. This post aims to introduce the concept of the BAA and provide basic guidelines.

As a starting point, it is important to know what a “covered entity” is. The term is defined in the HIPAA rules at 45 C.F.R. 160.103 as a health plan, a health care clearinghouse or “a health care provider providing health information in electronic form as part of a transaction covered by this sub-chapter.” If you're wondering which transactions are covered by this subchapter, a common example is electronic billing for the services provided. The HIPAA Privacy Rule requires all covered entities to have a business associate agreement (BAA) signed with each business associate (BA) they engage that may come into contact with PHI. BAAs are legally binding documents that describe how PHI is handled between the covered entity and the business associate and who is liable in the event of a breach. This agreement is what can protect you and your business as a practitioner if a business associate commits a violation. Today we will see who business associates are, how they differ from a covered entity, who needs a BAA and what happens if one is not in place. Instead, ask them to sign a confidentiality agreement. We will include these points in the confidentiality agreements we offer to our customers: direct employees of this organization do not need to sign a BAA because they are part of your organization and are not considered business associates. Yet they are still covered by HIPAA laws.

As an employer, you have a responsibility to train your staff in how to preserve the integrity and confidentiality of protected health information.