Hipaa Business Associate Agreement Decision Tree
Matching contracts. The contract of a covered company or any other written agreement with its counterparty contains the elements covered in paragraph 45 CFR 164.504 (e). The contract must, for example. B Describe the authorized and necessary use of health information protected by the counterparty; provide that the counterparty will not continue to use or disclose protected health information, with the exception of the contract or the law; and require the counterpart to adopt appropriate security measures to prevent the use or disclosure of protected health information that is not provided for by the contract. If a covered entity is aware of a significant violation or violation by the counterparty of the contract or agreement, the covered entity is required to take appropriate steps to correct the violation or terminate the violation and if such measures are inconclusive, to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered company is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Please consult our standard contract for business partners. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of „Business Associate“ at 45 CFR 160.103. By law, the hipaa privacy rule only applies to covered institutions – health plans, health care compensation rooms and some health care providers.
However, most health care providers and health plans do not perform all of their health activities and functions themselves. Instead, they often use the services of many other individuals or businesses. The data protection rule allows providers and covered health plans to transmit protected health information to these „counterparties“ when providers or plans receive satisfactory assurances that the counterparty uses the information only for the purposes for which it was mandated by the covered entity, which protects the information from abuse and helps the added entity fulfill some of the obligations of the entity covered under the data protection rule. Covered companies may disclose protected health information to a company in its role as a business partner only to assist the insured company in fulfilling its health missions – not for independent use or for the purposes of counterparty, unless it is necessary for the proper management and management of the counterparty. What is a business associate? „counterparty“: a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered company or that provide services to a covered business; An insured company staff member is not a business partner. A covered health care provider, health plan or health care clearinghouse may be a counterpart to another insured company. The data protection rule lists some of the functions or activities and related services that make an individual or organization a business partner when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that can make an individual or organization a counterpart include payment or health transactions, as well as other functions or activities governed by administrative simplification rules.