A business partner is any person, agency or organization that receives protected health information to perform a service on behalf of a covered entity. 2.10 Administration and administration. Business Associate undertakes to use or disclose PHI received as a counterpart for its own activities by Covered Entity only if: (a) the use relates to the proper management and management of Business Associate, or exercises the legal responsibilities of the counterparty or provides data aggregation services related to the medical operations of the covered entity; or b) disclosure of information received as such is related to Business Associate`s provision of services specified in a service contract, and such disclosure is required by law, or Business Associate receives from the person to whom the information is disclosed, the assurance that it will be treated confidentially, and the person also undertakes to inform business associate of a security incident or violation. For more information on how HIPAA defines listed companies and business partners, visit the us department of Health and Human Service website. In practice, business partners must train their staff under HIPAA rules. The documentation of these trainings can help prevent hip-hop offences and avoid accusations of deliberate negligence. A lawyer can help you develop training modules and explain how to complete training programs. d) Survival. The counterparty`s obligations under this section also apply after the end of this agreement. All covered companies that intend to share protected health information with a third-party provider must establish a HIPAA-compliant counterparty agreement before declaring themselves ready to conduct joint transactions. The HhS Office for Civil Rights has imposed numerous fines for contractual errors committed by trading partners.
In investigations into data protection and complaint violations, the OCR found that the following covered companies had not received at least one PROVIDER from a HIPAA-signed BAA. This was either the sole reason for the fine or the additional injury contributed to the heaviness of the fine. This is just one example of language and the use of these examples is not necessary to comply with HIPAA rules. The language may be modified to more accurately reflect trade agreements between a counterparty or counterparty or subcontractor.