Business Associate Agreement
The contract should provide that the counterparty must take appropriate administrative, technical and physical security measures, in accordance with the security rule, in order to ensure the confidentiality, integrity and availability of ePHI. Contracts may also be formatted to describe in detail the relationship between a covered entity and a counterparty, as well as the relationship between two counterparties. Unlike most contracts, a HIPAA counterparty agreement does not necessarily protect a covered company from financial penalties for violating PHI. If, prior to the conclusion of a contract, a covered enterprise does not obtain assurance that a counterparty is able to work in a HIPC-compliant setting and is subsequently in breach of PHI, the relevant enterprise may be held liable for the breach. 7. Contractors who work exclusively for your company, people with other customers and employees hired through a company are not business partners. However, your company is liable if any of these people contravene PHI. 1. Determine the permitted and necessary uses and disclosures of health information protected by the counterparty.
. . .