standard Baa Agreement Healthcare

A HIPC counterparty agreement is a contract between a HIPC entity and a supplier that is used by that entity. A unit covered by the HIPC is typically a health care provider, health plan or health care clearing house that conducts transactions electronically. A supplier to a HIPC entity that needs to receive protected health information (IHP) to perform tasks on behalf of the covered entity is designated as a counterparty (BA) under the HIPC. A provider is also considered BA when the PHI electronic services (ePHI) pass through its systems as part of the services provided. A counterparty agreement signed by the HIPC must be obtained from the covered entity before a counterparty can contact PHI or ePHI. The BAA template provided here (add the tk link to pdf) is generalized. Any real use of such an agreement requires adaptation to the specific needs of the organization. Here are some additional thoughts that a company can take into account when drawing up its own specific contract. The problem for many covered companies is that they are not always sure who a HIPC counterparty agreement applies. The Department of Health & Human Services defines a counterparty as “a natural or legal person who performs certain functions or activities that involve the use or disclosure of protected health information on behalf of or that provides services to a covered entity.” There are many HIPAA counterparty agreement models, but one must be careful before they are used.

Before using such a template, it is important to check for whom this template was designed to make sure it is relevant. It should also be customized to include all requirements defined by the covered entity. Counterparty contracts. A covered company`s contract or other written agreement with its counterparty must contain the elements referred to in 45 CFR 164.504(e). For example, the contract must: describe the permitted and necessary use of the health information protected by the counterparty; provide that the counterparty does not use or disclose protected health information other than to the extent permitted, prescribed or prescribed by law; and request the counterparty to take appropriate security measures to prevent protected health information from being taken into account other than the contract or contract. Where a covered undertaking is aware of a breach or material breach of the contract or agreement by the counterparty, the covered undertaking shall be obliged to take appropriate measures to remedy the infringement or to bring the infringement to an end, and if such measures fail to terminate the contract or agreement. . .