Unlike most contracts, a HIPAA business associate agreement does not necessarily protect a covered entity from financial penalties for a breach of PHI. If, before a contract is concluded, a covered entity does not obtain assurance that a business associate is able to work in a HIPAA-compliant setting, and PHI is subsequently breached, the covered entity may be held liable for the breach.

General provision. The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associate that the business associate adequately protects the protected health information it receives or produces on behalf of the covered entity. Satisfactory assurances must be made in writing, whether in the form of a contract or other agreement between the covered entity and the business associate.

A business associate (BA) is defined as an organization that can obtain PHI from a covered entity. These include healthcare providers who collaborate with hospitals, healthcare software, productivity software such as CRM solutions or accounts or auditors who have protected health information. Providers may have their own business partners, for example cloud providers and software providers. Learn how HIPAA is managed under AWS BAA.
Ask them to sign a confidentiality agreement. We insert these points into the confidentiality agreements we offer our customers:

BAAs both comply with HIPAA rules and create an obligation of liability between both parties. If one party violates a BAA and discloses PHI, the other party has grounds for a lawsuit. If there is no BAA, if it is incomplete, or if the agreement is blatantly violated, both parties may be in the crosshairs of the Department of Health and Human Services, the Office of Civil Rights, and perhaps even the Department of Justice.

"Business associate" has the same meaning as the definition of business associate in 45 CFR 160.103. Neither party is entitled to re-elect this agreement without the written consent of the other party.

As with most contracts, the other party can appeal for a breach of the agreement. Unlike most contracts, both parties can be in trouble with the federal government if a BAA does not exist, is not complete, or is violated. The intention of the rule is to ensure that a business associate cannot terminate data protection restrictions by withdrawing a contract from a third party.