Hipaa Privacy Agreement

Step 3 – The state whose laws govern the agreement must be indicated. Exceptions to the Business Associate Standard. The confidentiality rule contains the following exceptions to the counterparty standard. See 45 CFR 164.502(s). In such situations, the entity concerned shall not be required to enter into a counterparty contract or any other written agreement before the protected health information can be transmitted to the natural or legal person. You can obtain this agreement either as an Adobe PDF file or as an MS Word document (.docx) by simply selecting the link below. If you don`t have the compatible software to change this on the screen, you can open it as an Adobe file with an updated browser and then print it. If you fill it out manually, make sure that all the information presented is perfectly legible. Once covered companies, counterparties and counterparty subcontractors have identified their mutual relationships, it is necessary to ensure that third parties protect the PHI they receive. A signed agreement certifies that the BA knows that it must manage PHI safely.

For these types of employees who are not business partners, Total HIPAA recommends that if the „collaborator“ is a contractor who works exclusively for your company or an individual contractor with other customers, you cannot expect the person to establish data protection and security policies and procedures such as a BA or BAS. There is no sense in asking them to sign a BAA or a subcontractor BAA, as they do not have the compliance infrastructure required by HIPAA. Ask them to sign a confidentiality agreement. We insert these points into the confidentiality agreements we provide to our customers: Ultimately, non-compliance with the requirements of an agreement by a partner/subcontractor can have a significant impact: HHS can control BAs and HIPAA compliance subcontractors, not just the companies covered. This means that organizations must have a Business Association Agreement (BAA) for all three levels in order to meet HIPAA requirements. It is in your primary interest to have an agreement, since all three classifications are responsible for the protection of IHP. . . .


Comments are closed.