You can find a broader overview of HIPAA in our contribution on HIPAA FAQs. Direct employees of your organization do not need to sign a BAA, as they are part of your organization and are not considered business associates. This means that they are still covered by HIPAA laws. As an employer, you are responsible for training your employees on how to maintain the integrity and sanctity of protected health information (PHI). Unlike most contracts, a HIPAA business associate agreement does not necessarily protect a covered entity from financial penalties for a PHI violation. If, prior to the conclusion of a contract, a covered entity does not obtain assurance that a business associate is able to work in a HIPAA-compliant setting, and PHI is subsequently breached, the covered entity may be held liable for the breach. The intention of the rule is to ensure that a business associate cannot sidestep data protection restrictions by contracting work out to a third party. If the business associate is not allowed to make a use or disclosure, neither are its subcontractors. Business associate agreements are the cornerstone of HIPAA-compliant supplier relationships. An important part of responsible supplier and contract management is keeping your documents up to date. From the HIPAAtrek platform, you can create, trade and sign your BAAs. With HIPAAtrek, you can rest assured knowing you haven't missed a step.
Contact us to find out more. HHS can verify the compliance of BAs and subcontractors, not just covered entities. This means that organizations must have a Business Associate Agreement (BAA) in place at all three levels in order to meet HIPAA requirements. It is in your primary interest to have an agreement, since all three classifications are responsible for the protection of PHI.