What Is A Business Associate Agreement Under Hipaa

Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we offer to our customers: The Business Partnership Agreement ensures that there is a chain of custody for phi. A hipaa covered company supplier must enter into a contract with the covered entity, and a subcontractor employed by a business partner is also required to enter into such a contract. A subcontractor is a business partner of a business partner and is not covered by the BA/Covered Entity contract. Before access to PSRs is allowed, a separate contract must be signed. The chain can be long and the further ePHI is from the covered entity, the higher the risk of HIPAA trade partnership agreement violations. BAAs must be signed by all covered entities when their trading partner processes PSRs that first pass through the covered entity. A [BA] is also a subcontractor who creates, receives, retains or transmits protected health information on behalf of another [BA]. The HIPAA Privacy Policy describes the types of entities covered by HIPAA and the entities that must follow HIPAA security and privacy policies. The main categories are clearing houses, covered entities (EC) and counterparties. The further away the subcontractor is from the covered entity, the more confusion there is as to who is really a business partner and who should sign a business partnership agreement.

But first, let`s define what exactly HIPAA rules qualify as a Business Associate (BA). According to the Department of Health and Human Services (HHS) guidelines, a BA is: Some covered companies have taken a “better prevention than cure” approach to solving their definition problems and have entered into agreements with all the companies with which they have business relationships – whether required or not. Recent research funded by the California Healthcare Foundation found that many companies unnecessarily break agreements with other covered companies and also cancel agreements with providers who did not have access to PSR and probably would never do so. In one case, a covered company asked its landscaper to sign a HIPAA business partnership agreement.