If you hire a contractor and process PHI that goes through your business first, you must sign a BAA with that contractor. Your business partners must then sign HIPAA contract forms with their business partners. To be simple, a business partner is a person or organization that interacts with PHI through a covered entity or other business partner. If a member violates a BAA, there is another avenue of redress. If there is no BAA or it is incomplete, or if it is injured, then both employees may be in hot water with HIPAA and other FDA rules. Once you and your business partner have signed the BAA, the signature will be valid until there is a substantial change to alS that requires a change in the BAA. Make sure you and your BA signs and BAA date and document your comments. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of “Business Associate” at 45 CFR 160.103. In particular, when they provide services or technologies to a covered company (for example. B a hospital) or another business partner as a subcontractor (. B for example, a PaaS provider such as Datica), counterparties process, process, transfer or interact in some way with protected electronic health information (ePHI) of these companies.

With this PHI access, all business partners must sign a Business Associate Agreement (BAA). The BAA is a legal contract that describes how the business partner joins HIPAA, as well as the responsibilities and risks it assumes. But let`s be honest… It is difficult, if not impossible, to run a business without the help of third parties. Hiring outside help when you need extra hands or if you have special needs is often made sense by business. BAAs must be signed by all covered entities when their trading partner processes PHI, which first passes through the covered entity. There is a list of the features covered below. More information can be found on the HHS.gov page on hipaa Covered Entities. In the event that PHI is accessed under the responsibility of the counterparty by persons who are not authorized to post the information, the counterparty is required to notify the entity concerned of the violation and may be required to send notifications to persons whose PHI has been compromised.