Business Associate Agreement Assignment
One of the most recent implementation trends by the agency`s Office of Civil Regulations (OCR) implementing HIPAA ensures that covered companies have entered into hipAA-compliant counterparty agreements. In 2017, a covered company was fined $31,000 for failing to enter into a business agreement with one of its identified business partners. Covered companies must not only enter into HIPAA-compliant counterparty agreements, but must also perform appropriate due diligence for these companies. Reviewing counterparty security risk audits and HIPAA policies and procedures is a good way to evaluate a counterparty`s HIPAA compliance program. In addition to due diligence for your trading partners, it is important to negotiate terms of sale to provide protection to businesses covered under the agreement. Other conditions, often added, include the language of compensation, the choice of legislation, no third-party beneficiaries, no right to transfer rights under the agreement, termination rights to the agreement, deadlines and requirements related to notification of offences and notification of persons, as well as insurance requirements, among others. However, in some cases, it is not so clear when a counterparty agreement is needed or not. For example, a covered company that is already required to comply with HIPAA may act as a counterparty for another covered entity and must therefore enter into a counterparty agreement. This is common practice when a covered company provides administrative services to another provider. As a result, medical directors are often considered business partners because of the provision of non-treatment-related services, including the administrative and administrative services of the medical director. If the medical director is treated as a staff member of the insured company, a matching agreement may not be necessary, as it is part of the exclusion of staff. Address the termination of the contract and, where possible, the restitution or destruction of all protected health information that the consideration returns or destroys on behalf of the company concerned that the counterparty still owns, and do not keep copies of that information or, if this restitution or destruction is not possible, extend the protection of the contract to the information and limit the subsequent uses and disclosures for the purposes , restitution or destruction of the infeasibility of information; and, as an in-house counsel, it is important to understand whether a particular contract between an insured company and a seller or contractor requires a matching agreement. In this quick advice, I will briefly address who are trading partners, what elements of a counterparty agreement are needed and the risks are managed by counterparty agreements.
7. Third-party agreements. Business Associate must enter into an agreement with any Business Associate representative or subcontractor who has access to PHI, received or created or received by Business Associate on behalf of the covered unit.