2. Office for Civil Rights. Direct Liability of Business Associates. Content last reviewed on May 24, 2019. www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/factsheet/index.html.

OCR has developed a model that covered entities may find useful when responding to the request for the list of business associates. Those selected may, but are not required to, use the following template. In the past, HIM experts have addressed data protection issues, and it is important that those involved in data protection have a good understanding of the related security requirements, possible digital solutions and additional responsibilities that require ownership. Below is a list of specific information that OCR has provided. Covered entities should provide the requested information in good conscience and indicate the name and types of services provided by each business associate. Please indicate a second contact person if this information is available.

Covered entities responding to the request must identify each element for each business associate. Tracking your Business Associate Agreements (BAAs) is important, but what information is important to document and maintain? We will look at the details of maintaining your BAAs and why they matter. Ultimately, who is responsible, within the framework of business associate agreements (BAAs), for keeping an overview of business associates (BAs)? The management of the organization? Health Information Management (HIM) staff? Careful? That's right? Legally? Also, who has the master list, and who has confirmed that there is a signed agreement for each entity that accesses protected health information (PHI) in your system?

According to the law, the HIPAA Privacy Rule applies only to covered entities: health plans, health care clearinghouses and certain health care providers. However, most health care providers and health plans do not perform all of their health care activities and functions themselves. Instead, they often use the services of a large number of other people or companies. The Privacy Rule allows covered providers and health plans to disclose protected health information (PHI) to these "business associates" if the providers or plans receive satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will protect the information from misuse, and will help the covered entity meet some of the covered entity's obligations under the Privacy Rule. [1]

It is essential to monitor for violations of BAAs and for the correction of the resulting problems, i.e. termination of the contract and the handling of protected health information in that case. It is also important to verify whether valid and current BAAs exist with all providers that fall under the HIPAA definition of a business associate.
Compliancy Group's web-based HIPAA compliance solution, The Guard™, has built-in tracking for BAs as well as a Business Associate Agreement (BAA) template that can be managed with a simple online login.

The Guard also contains all the elements necessary to conduct a thorough self-assessment of user organizations, with documentation and remediation plans built in, to address gaps or deficiencies in their HIPAA compliance. But there are important considerations that go beyond costs. Healthcare organizations that choose to use external providers for services that require access to PHI increase their risk of infringement. If the functions or activities that the providers perform involve the use or disclosure of PHI, the providers may be considered BAs in accordance with the HIPAA Privacy Rule. This classification requires that the covered entity receive "satisfactory assurances" that the business associate (vendor) adequately protects the PHI. . . .
