However, the tables rotate when and if it can be proven that you were aware of the offence. HIPAA rules require companies that discover a trade partner violation must either correct the error or terminate the BAA. If they do not, they share responsibility for the offence with the employee. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) stipulates that covered companies must enter into contracts with their trading partners to ensure that counterparties properly protect protect protected health information (“PHI”). Counterparties who mandate contractors for certain functions related to the PHI are also required to enter into co-partner contracts with their subcontractors. This article provides an overview of the rules for counterparty agreements. Matching contracts. The contract of a covered company or any other written agreement with its counterparty contains the elements covered in paragraph 45 CFR 164.504 (e). The contract must, for example. B Describe the authorized and necessary use of health information protected by the counterparty; provide that the counterparty will not continue to use or disclose protected health information, with the exception of the contract or the law; and require the counterpart to adopt appropriate security measures to prevent the use or disclosure of protected health information that is not provided for by the contract.
If a covered entity is aware of a significant violation or violation by the counterparty of the contract or agreement, the covered entity is required to take appropriate steps to correct the violation or terminate the violation and if such measures are inconclusive, to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered company is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Please consult our standard contract for business partners. However, if the covered entity has performed its due diligence prior to the conclusion of an agreement, these situations are rare. Assuming that the covered company is diligent, it is unlikely that the covered business will be guilty if a supplier violates the BAA and in any way violates HIPAA. If the creditor signs the document, he assumes responsibility for safeguarding the PHI. Counterparties are any organization or person who establishes, transmits, receives or entertains PHI on behalf of an insured business or on behalf of the counterparty of an insured business. Exceptions to the Business Associate Standard.