What To Look For In A Business Associate Agreement
Just prior to the announcement of the AMCA disaster in early June, the OCR released a fact sheet on business associate compliance to highlight the importance of business associates in preserving patient privacy across the health sector. The OCR continues to press the issue, because business associates handle a large amount of information and the size of potential violations is significant.

2. Staff members of a company. A company's staff members are not business associates of the company. Staff members include "employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate" (45 CFR 160.103). To avoid business associate obligations, contractors may attempt to be classified as staff members of the covered entity.

The OCR indicated: Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. The services provided by business associates are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. See the definition of "Business Associate" at 45 CFR 160.103.

BAA Compliance Checklist. In accordance with the HIPAA privacy and security rules, BAAs should normally include the following conditions. To the extent that the business associate enters into a BAA with its subcontractors, those subcontractor BAAs should also include equivalent conditions.

Question: I have a response system company and we never hear medical information, only a patient's name and number for a recall. Doesn't that mean that we don't receive protected health information, so we're not a business partner, but just a regular provider?

Answer: No, you are a business associate, because PHI is more than a medical diagnosis (or complaint). A single name or phone number, in conjunction with a request for health care, is PHI, and by answering the phone for a care provider you have "received" PHI.

(78 FR 5574). These "reasonable assurances" can be obtained through a limited confidentiality agreement; a full business associate agreement is not necessary.

5. If the business associate uses subcontractors or other entities to provide services to the covered entity that involve PHI, enter into matching agreements with those subcontractors (45 CFR 164.314(a) and 164.504(e)).

The direct staff of your organization are not required to sign a BAA, because they are part of your organization and are not considered business associates. They are still covered by HIPAA, however. As an employer, you have a responsibility to train your staff in how to preserve the integrity and confidentiality of protected health information.

More and more technology companies, even subcontractors, are being asked to sign business associate agreements when working with companies covered by HIPAA. Here are some tips that will help you navigate the complex world of business associate agreements: the agreement should also indicate how the business associate enforces compliance.