Business Associate Agreement When Needed

Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of “Business Associate” at 45 CFR 160.103. For some credit institutions, you only need a Service Level Contract (SLA). However, for lenders that create, receive, manage or transfer POs on behalf of your organization (“business partners”), you must have an associate agreement next to ALS. Even if your provider can`t view the PHI (z.B because it`s encrypted), you still need a BAA with it. The Department of Health and Human Services for Civil Rights (HHS/OCR) can impose hefty fines and remedial measures if you do not have a BAA with your AADs. In addition, if HHS/OCR monitors your organization, you must be able to provide your matching agreements and prove that you have performed due diligence with your AAS. A business partnership contract is a written agreement that defines each party`s responsibilities with respect to PHI. It`s like a chain that follows the PHI from the first link in the chain, which is the covered entity. The following link would be the trading partner and all their subcontractors (including trading partners) would be the following links. Think of subcontractors as business partners. The BAA follows the direct path of the chain.

A covered company is therefore not required to sign an BAA with the subcontractors of its trading partners, but it is the business partner that is. An entity that owns [PHI] on behalf of an insured company is a business partner and not a channel, even if the entity does not actually look at the [PHI]. We recognize that in both situations, the entity that provides the service to the covered entity has the ability to access the [PHI]. However, the difference between the two situations lies in the temporary nature and the sustainable nature of this opportunity. For example, a data storage company that has access to [PHI] (digital or paper) is classified as a business partner, even if the entity does not look at them or looks at them only randomly or in a rare way. For example, document storage companies that manage [PHI] on behalf of covered companies are considered counterparties, whether or not they have access to the information they retain or not. www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.htmlsearchsecurity.techtarget.com/definition/business-associatewww.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html Business Associate Agreements is the cornerstone of HIPAA compliant supplier relationships.