In the event of a violation or non-compliance with a BAA by a counterparty/subcontractor, the covered unit must take appropriate measures to remedy the infringement or terminate the infringement. “If such measures fail, they must terminate the contract or agreement,” HHS explains. “If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights.” 1 (OCR Frequently Asqued Questions (“FAQ”), available under www.hhs.gov/ocr/privacy/hipaa/faq/index.html). Similarly, “the simple sale or provision of software to a registered business does not result in a business relationship if the seller does not have access to the [PHI] of the registered business.” (Id.) Companies wishing to avoid counterparty obligations may wish to include in their service contracts a provision confirming that phi is not required to perform its functions and that their customers, who are registered companies or counterparties, do not make available to the company POs (or, as explained below, unencrypted POs) without the prior approval of the entity. Business contracts are not optional! HIPAA requires you to sign the BAA with your business partner before sharing PHI with them. This will help you avoid a data breach, as well as penalties for not having a BAA on site. Counterparty agreements are the cornerstone of HIPAA-compliant supplier relationships. An important part of responsible supplier and contract management is to update and update your documents. On the HIPAAtrek platform, you can create, negotiate and sign your BAAs. With HIPAAtrek, you can rest assured that you haven`t missed any steps.
Contact us to find out more. Finally, failure to comply with the requirements of an agreement by a partner/subcontractor could have important consequences: the BAA model (tk-link to pdf) is widespread. Any effective use of such an agreement requires adaptation to the specific needs of the organization. There are only a few more thoughts here that a company could consider when developing a specific contract. www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.htmlsearchsecurity.techtarget.com/definition/business-associatewww.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html Not all doctors need a BAA.