[Option 2 – Reference to an underlying service agreement, e.g., “as necessary to provide the services defined in the service agreement.”]

This HIPAA BAA replaces all existing agreements between the parties regarding HIPAA services. In the event of a conflict or inconsistency between the terms of this HIPAA BAA and the rest of the agreement, the terms of the HIPAA BAA apply. Unless expressly modified or amended under this Agreement, the terms of the agreement remain fully applicable and effective.

The contract should provide that the BA (or subcontractor) must take appropriate administrative, technical and physical security measures to ensure the confidentiality, integrity and availability of ePHI and meet the requirements of the HIPAA Security Rule. Some of these measures may be specified in the BAA or left to the BA's discretion. The BAA should also set out the authorized uses and disclosures of PHI to meet the requirements of the HIPAA Privacy Rule.

If people who are not authorized to view the information access PHI, for example through an internal breach or a cyberattack, the business associate is required to inform the covered entity of the breach and may be required to send notifications to the persons whose PHI has been compromised. The timing of and responsibilities for reporting should be detailed in the agreement.

A HIPAA business associate agreement is a contract between a HIPAA-covered entity and a vendor used by that covered entity. A HIPAA-covered entity is usually a health care provider, health plan or health care clearinghouse that conducts transactions electronically. A vendor of a HIPAA-covered entity that must receive protected health information (PHI) to perform tasks on behalf of the covered entity is designated as a business associate (BA) under HIPAA.
A vendor is also classified as a BA when, as part of the services provided, electronic PHI (ePHI) passes through its systems. A signed HIPAA business associate agreement must be obtained by the covered entity before a business associate can come into contact with PHI or ePHI. The business associate agreement is a contract that defines the types of protected health information (PHI) made available to the business associate, the authorized uses and disclosures of PHI, the measures to be implemented to protect this information (for example, encryption at rest and during transfer) and the measures the BA must take in the event of a security breach involving the PHI.

www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

[ii] U.S. Department of Health & Human Services (HHS.gov, Health Information Privacy). Available at www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/ccdh/index.html

The HIPAA Business Associate Agreement (“HIPAA BAA”) is a legal agreement between you (“you” or “your”) and Square, Inc.