It is also worth drawing the attention of a business partner to the consequences of non-compliance with HipAA requirements. Counterparties may be sanctioned directly by supervisory authorities for HIPC infringements. In addition to the provisions required by the HIPC, one Party may wish to include additional safeguard measures. For example, an affected entity may include a compensation provision to protect itself when a counterparty is the victim of a security breach involving the PHI of the covered company. Transitional provisions for existing contracts. Covered companies (with the exception of small health plans) that entered into an existing contract (or other written agreement) with counterparty before October 15, 2002 may, under this contract, be permitted for up to an additional year regarding the compliance date of 14 Unless the contract is renewed or amended before April 14, 2003. 2003. This transitional period applies only to written contracts or other written agreements. Oral contracts or other arrangements are not eligible for the transition period. Entities covered by eligible contracts may continue to operate under such contracts with their counterparties until April 14, 2004 or April 14, 2004 or until the renewal or amendment of the contract, whichever is earlier, whether or not the contract meets the applicable contractual requirements under 45 CFR 164.502(e) and 164.504(e). Otherwise, a data subject entity must comply with the data protection rule, for example.B. only make permitted advertisements towards the counterparty and allow individuals to exercise their rights in accordance with the rule.

See 45 CFR 164.532 (d) and (e). The BAA template provided here (add the tk link to pdf) is generalized. Any real use of such an agreement requires adaptation to the specific needs of the organization. Here are some additional thoughts that a company can take into account when drawing up its own specific contract. Exceptions to the Business Associate Standard. The confidentiality rule contains the following exceptions to the counterparty standard. See 45 CFR 164.502(s). In such situations, the entity concerned shall not be required to enter into a counterparty contract or any other written agreement before the protected health information can be transmitted to the natural or legal person. In the simplest, a Business Association Agreement (BAA) is a legal contract between a healthcare provider and a person or organization that, as part of its services, obtains, transfers or stores protected health information (Phi) as part of its services. Whether you prefer to call it a business associate agreement or, like HIPAA, call it a business associate agreement, in one way or another, they are a critical component of a company`s efforts to be HIPAA compliant. Below, we`ve gathered the basics and definitions of a HIPAA business agreement template that you can browse….