Business Associate Agreement For Hipaa

[Insert an exception if the counterparty uses or discloses protected health information for data aggregation or management, as well as the counterparty`s legal responsibilities and the agreement contains provisions relating to data aggregation or management.] According to the law, the HIPC data protection rule only applies to covered companies – health plans, clearing houses for healthcare and certain healthcare providers. However, most health care providers and health plans do not perform all of their health activities and functions themselves. Instead, they often use the services of a large number of other people or companies. If there is no BAA, if it is incomplete, or if the agreement is blatantly violated, both staff members may be in the crosshairs of the Department of Health and Human Services, the Office of Civil Rights, and perhaps even the Department of Justice. But let`s be honest. It is difficult, if not impossible, to run a business without the help of third parties. Setting out external help if you need extra hands or have special needs is often useful for business. The counterparty agreement ensures that there is a custody chain for PHI. A supplier of a HIPAA-covered company must enter into a contract with the covered company and a subcontractor engaged by a counterparty is also required to enter into such a contract. . . .