Who Should Sign A Business Associate Agreement

The purpose of a business associate agreement is to outline your BA's responsibility to keep your PHI private and secure. The BAA represents the expectations and requirements of both parties: you and your BA. It is a legally binding document.

General provision. The Privacy Rule requires that a covered entity receive satisfactory assurances from its business associate that the business associate will adequately protect the protected health information it receives or creates on behalf of the covered entity. Satisfactory assurances must be made in writing, either in the form of a contract or other agreement between the covered entity and the business associate.

[t]he disclosure by a business associate … for its own management and administration or legal responsibilities does not create a business associate relationship with the recipient of the [PHI], because such information is provided outside the company's role as a business associate…. On the other hand, [PHI] provided by the business associate to a person who assists the business associate in the performance of a function, activity or service for a covered entity or another business associate may establish a business associate relationship, depending on the circumstances.

Avoid unnecessary business associate agreements. Unfortunately, many covered entities or business associates seek business associate agreements out of ignorance or precaution, even when these agreements are not technically necessary. Entities should avoid executing unnecessary business associate agreements. By signing one, they take on contractual commitments they would not have but for the agreement, including compliance costs that would not otherwise apply; restrictions on use and disclosure; and damages in case of non-compliance. In addition, by executing an unnecessary business associate agreement, the entity may improperly admit that it is a business associate and thus expose itself to HIPAA penalties for non-compliance. To avoid such situations, companies that are invited to enter into unnecessary business associate agreements might consider reacting as follows:

This is a fairly intuitive idea: in essence, if both organizations accept that they are under HIPAA, they cannot excuse themselves from responsibility by saying that they need not comply with the HIPAA regulations. Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we offer our customers: As an organization covered by HIPAA, you know that most of your suppliers are also BAs.