Sample Business Associate Agreement HIPAA
In the event of a violation of or non-compliance with a BAA by a business associate or subcontractor, the covered entity must take appropriate measures to remedy the violation or end it. "If such measures fail, they must terminate the contract or agreement," HHS explains. "If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights."

A HIPAA Business Associate Agreement (BAA) is a written contract that sets out the responsibilities of both the covered entity and the business associate with respect to confidential and personally identifiable health information, and it differs legally from a confidentiality agreement.

HIPAA does not indicate which party should pay for notification of violations. A covered entity may delegate payment liability to the business associate. A lawyer may review the text of this provision in light of business practices.

All covered entities that intend to share protected health information with a third-party provider must establish a HIPAA-compliant business associate agreement before declaring themselves ready to do business together.

Some covered entities require business associates to send written confirmation that all copies of PHI delivered by the covered entity have been destroyed by the business associate. A lawyer may add this condition if desired by a covered entity.

To protect PHI, a security rule must be established and security measures put in place.
For example, a comprehensive security risk analysis of the activities of a covered entity and business associate should be conducted before either party is authorized to process and transfer PHI.

NOW THEREFORE, taking into account these premises and the following mutual commitments and agreements:

[Option 2 – Reference to an underlying service agreement, e.g., "as necessary to provide the services defined in the service agreement."]

The BAA shifts the legal risk of the covered entity to the business associate. A company that signs the BAA and is not a "business associate" remains subject to contractual liability, disclosure restrictions, compliance fees and penalties for non-compliance, risks that can be discussed with a lawyer.