When A Business Associate Agreement Is Required

As an in-house consultant, it is important to understand whether a specific contractual relationship between an insured company and a lender or contractor requires a counterparty agreement. In this quick advice, I will briefly address who are trading partners, what elements of a counterparty agreement are needed and the risks are managed by counterparty agreements. The BAA places the responsibility for protecting the PHI directly on the shoulders of the service provider when the information is in its hands. A BAA is a signed document that confirms the willingness of a third-party supplier to take responsibility for the safety of your customers`PHI, to comply with appropriate security measures and to meet hipaa requirements when dealing with PHI on your behalf. BAAs are necessary if you are a covered company. Be sure to follow the BAA`s signature process and submit it to a safe and accessible location. If your practice has already been verified or affected by a data breach, you should quickly find the document to demonstrate the steps you have taken to protect your customers` PHI and HIPAA compliance. A covered entity may only allow a counterparty to produce, receive, maintain or transmit electronically protected health information on behalf of the covered entity if the covered entity receives satisfactory assurances that a counterparty agreement gives it satisfactory assurances that the counterparty adequately protects the information. A counterparty agreement must include the elements indicated in paragraph 45 CFR 164.504 (e) and listed below: a counterparty contract or business association agreement is a written agreement defining each party`s responsibilities with respect to POs. The Health Insurance Portability and Accountability Act of 1996 („HIPAA“) stipulates that covered companies must enter into contracts with their trading partners to ensure that counterparties properly protect protect protected health information („PHI“).

Counterparties who mandate contractors for certain functions related to the PHI are also required to enter into co-partner contracts with their subcontractors.