Finally, failure by a partner/subcontractor to meet the requirements of an agreement could have a significant impact. Contractors who work exclusively for your company, individuals with other customers and employees hired through a company are not business associates. However, your company is liable if one of these people violates PHI protections.
www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html
You need to be able to identify your employee classification before you know what HIPAA requires. Under the definition in the Health Insurance Portability and Accountability Act (HIPAA), a business associate is any organization or person that works in relation to a covered entity or provides services that generate, process or divulge protected health information (PHI). If there is no BAA, or it is incomplete, or it is breached, then both parties may be in hot water with HIPAA and other FDA rules. Once you and your business associate have signed the BAA, the signature will be valid until there is a substantial change to alS that requires a change in the BAA. Make sure you and your BA sign and date the BAA and document your comments. Business associate agreements are not optional! HIPAA requires you to sign the BAA with your business associate before sharing PHI with them. This will help you avoid a data breach, as well as penalties for not having a BAA in place. Business associates are any organization or person who creates, transmits, receives or maintains PHI on behalf of a covered entity or on behalf of the business associate of a covered entity.
The guide below covers the basics of BAAs, including why one is needed, when it is necessary, what needs to be put in one, and a model HIPAA business associate agreement (PDF) for 2017. There are a few exceptions to the requirement to sign a business associate agreement. These include specialists to whom a hospital refers a patient and transmits the patient's medical chart for treatment, laboratories to which a physician discloses a patient's PHI for treatment, and the disclosure of PHI to a health plan sponsor, such as an employer, through a group health plan.
If you hire a subcontractor and the subcontractor comes into contact with PHI, you must execute a BAA between the two of you. The Privacy Rule stipulates that all subcontractors of a business associate must consent to restrictions identical to those of the original business associate.