HIPAA requires insured entities to cooperate only with trading partners that guarantee full protection of the PHI. These assurances must take the form of a contract or other agreement between the insured company and BA.1 Finally, failure to comply with the requirements of an agreement by a partner/subcontractor can have important consequences: counterparty contracts. The contract of a covered company or any other written agreement with its counterparty contains the elements covered in paragraph 45 CFR 164.504 (e). The contract must, for example. B Describe the authorized and necessary use of health information protected by the counterparty; provide that the counterparty will not continue to use or disclose protected health information, with the exception of the contract or the law; and require the counterpart to adopt appropriate security measures to prevent the use or disclosure of protected health information that is not provided for by the contract. If a covered entity is aware of a significant violation or violation by the counterparty of the contract or agreement, the covered entity is required to take appropriate steps to correct the violation or terminate the violation and if such measures are inconclusive, to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered company is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Please consult our standard contract for business partners. HIPAA goes beyond best practices in IPI security in its requirements for partner organizations. In accordance with HIPAA`s data protection rule, health care providers are responsible for violations committed by business partners in a significant setting. Transitional provisions for existing contracts. Covered companies (excluding small health plans) that have entered into an existing contract (or other written agreement) with consideration prior to October 15, 2002 may continue to work under this contract beyond April 14, 2003 until an additional year, unless the contract is extended or amended before April 14, 2003.

This transitional period applies only to written contracts or other written agreements. Oral contracts or other agreements are not eligible for the transitional period. As part of these contracts with their counterparts, covered companies that are entitled to enter into contracts may continue to work with their counterparties until April 14, 2004 or until the renewal or modification of the contract, depending on whether the date is earlier, whether or not the contract meets the existing contractual requirements of Rule 45 CFR 164.502 (e) and 164,504 (e). A covered company must also comply with the data protection rule, for example. B only provide authorized information to the counterparty and allow individuals to exercise their rights in accordance with the rule. See 45 CFR 164.532 (d) and (e). Under HIPAA, organizations must at all times restrict and secure the ACCESS of POs within and within covered entities (and their trading partners) (i.e. when they are used, stored, transferred, removed, disposed of or reused). From award-winning HIPAA training to contracts and agreements, we can meet your requirements so that you have protected your business. www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.htmlsearchsecurity.techtarget.com/definition/business-associatewww.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html But let`s be honest…

It is difficult, if not impossible, to run a business without the help of third parties.