A HIPAA business association agreement should not be a stand-alone contract. The language of an BAA can be summarized in data security agreements, master service agreements or terms of service. Covered companies may be fined for not entering into a HIPAA counterparty agreement or for entering into an incomplete agreement – while HITECH 78 FR 5574 AAS are required to comply with the HIPAA safety rule, even if no HIPAA counterparty agreement is reached. There are a few exceptions to the requirement to sign a counterparty agreement. These include specialists to whom a hospital refers a patient and transmits the patient`s medical card for treatment, laboratories to which a physician discloses a patient`s PPH for treatment, and the disclosure of PHI to a health plan sponsor, such as an employer, through a collective health plan. Instead, ask them to sign a confidentiality agreement. We insert these points into the confidentiality agreements we offer to our clients: in the simplest case, a business association agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services to the provider, receives, transmits or stores protected health information (PHI). Whether you prefer to call it business associate agreement or, like HIPAA, business Associate Contract, they are both ways an important part of an organization`s efforts to be HIPAA compatible. Below, we`ve put together the basic components and definitions of a HIPAA business association agreement model that you can browse.

Keep in mind that ACCORDS are legally binding agreements, so it`s best to have a designated security officer, lawyer or HIPAA compliance solution that will help you navigate these contracts. Some covered companies have taken a “safer than sad” approach to addressing their definitional problems, and have entered into agreements with all the companies with which they have business relationships, whether necessary or not. Recent studies funded by the California Healthcare Foundation have shown that many companies unnecessarily enter into agreements with other covered companies and also enter into agreements with suppliers who did not have access to the PHI and would probably never do so. In one case, a covered company asked its landscaper to sign a HIPAA business partnership agreement. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment.