search

For which of the following is a business associate contract not required

1 years ago
Comments: 0
Views: 90

The HIPAA Privacy Rule requires all Covered Entities to have a signed Business Associate Agreement (BAA) with any Business Associate (BA) they hire that may come in contact with PHI.

Show

The HIPAA Omnibus Rule changed how BAs and Business Associate Subcontractors (BAS) can be held liable for potential HIPAA violations. Therefore, it is in the Covered Entity’s and the BA’s best interest to maintain a thorough understanding of their relationship and how they expect one another to secure patient, client, or employee data.

But let’s face it, running a business without any help from third parties is difficult, if not impossible. Hiring outside help when you need extra hands or have special needs often makes good business sense.

Who is a Business Associate or a Business Associate Subcontractor and what needs to be in the agreement between these businesses?

This week, we discuss the requirements of a BA and BAS and the specifics of a Business Associate Agreement (BAA). Before we break down the details of classifying your vendors, take a look at this infographic to get an understanding of the differences among Covered Entities, Business Associates, and Business Associate Subcontractors.

For which of the following is a business associate contract not required

What is a Business Associate Agreement?

A Business Associate Contract, or Business Associate Agreement, is a written arrangement that specifies each party’s responsibilities when it comes to PHI.

HIPAA requires Covered Entities to only work with Business Associates who assure complete protection of PHI. These assurances have to be in writing in the form of a contract or other agreement between the Covered Entity and the BA.1

HHS can audit BAs and Subcontractors for HIPAA compliance, not just Covered Entities. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet the requirements of HIPAA. It’s in both of your best interests to have an agreement since all three classifications are responsible for protecting PHI.

The Business Associate/Subcontractor Agreement must include the following information, according to HHS:

  • Describe the permitted and required PHI uses by the Business Associate/Subcontractor
  • Provide that the Business Associate/Subcontractor will not use or further disclose PHI other than as permitted or required by the contract or as required by law;
  • Require the Business Associate/Subcontractor to use appropriate safeguards to prevent inappropriate PHI use or disclosure

Once Covered Entities, Business Associates, and Business Associate Subcontractors have identified their relationship with one another, it is necessary to ensure that any third-parties will guard the PHI they receive. A signed agreement documents that the BA knows they must safely handle PHI. 

Understanding Who Your Business Associates and Business Associate Subcontractors Are

Who are Your Business Associates?

You need to be able to identify the classification of your workforce before you know what HIPAA requires. As defined by the Health Information Portability and Accountability Act (HIPAA), a Business Associate is any organization or person working in association with or providing services to a Covered Entity who generates, handles, or discloses Protected Health Information (PHI).2

Potential Business Associates are people or companies like:

  • Accounting or consulting firms
  • Cloud vendors
  • Consultants hired to conduct audits, perform coding reviews, etc.
  • Lawyers
  • Medical equipment service companies handling equipment that holds PHI
  • Translator services
  • Shredding services
  • File sharing vendors
  • Information Technology vendors

According to HHS, Covered Entities may only disclose PHI to an entity to help carry out its healthcare functions, not for the Business Associate’s independent use or purposes.”1 For example, a Business Associate/Subcontractor cannot use the PHI from the Covered Entity for its own email campaign.

Who are Business Associate Subcontractors?

A Business Associate Subcontractor is a person or entity to which a Business Associate delegates a function, activity or service.3 While a Covered Entity receives help from a Business Associates, BAs employ their own help. HIPAA refers to these people and companies as Business Associate Subcontractors.

Similarly, Business Associates must have a Business Associate Subcontractor Agreement with their BASs. The BA and BAS Agreements are almost identical, so the primary difference is the definition of the category. 

Who is not considered a Business Associate/Subcontractor?

Business Associate/Subcontractor exceptions include, but are not limited to, the following examples considered ‘conduits’ for PHI:

  • Internet Service Providers
  • US Postal Service
  • and other courier services1

Contractors and Confidentiality Agreements

Contractors working exclusively for your company, individuals with other clients, and workers hired through a business are not Business Associates. However, your company is responsible if one of these individuals breaches PHI.

For these types of employees who are not Business Associates, Total HIPAA recommends this: If the “employee” is a contractor working exclusively for your company or a sole proprietor with other clients, you cannot expect the individual to generate policies and procedures for privacy and security like a BA or BAS. It is meaningless to ask them to sign a BAA or a Subcontractor BAA because they will not have the compliance infrastructure required by HIPAA.

Instead, ask them to sign a confidentiality agreement. We include these items in the confidentiality agreements we provide for our clients:

  • Firstly, clarify the type of information the agreement covers.
  • What type of information cannot be copied or modified?
  • Information must be returned upon employer’s request
  • Disciplinary action for persons responsible for a breach of confidential information

Additionally, we recommend that the entity includes important individuals in all training activities.

For more information on contractors, take a look at our blog post, Preparing Contractors for HIPAA Compliance, as well as our podcast, Should Employers Train Contractors Who See PHI? 

What Happens If My Business Associate/Subcontractor Discloses PHI?

Finally, a Business Associate/Subcontractor’s failure to meet the requirements of an agreement could result in substantial ramifications:

“A Business Associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of Protected Health Information that are not authorized by its contract or required by law. A Business Associate/Subcontractor also is directly liable and subject to civil penalties for failing to safeguard electronic Protected Health Information in accordance with the HIPAA Security Rule.”4

When a Business Associate/Subcontractor breaches or violates a BAA, the Covered Entity must take reasonable steps to cure the breach or end the violation. “If such steps are unsuccessful, they must terminate the contract or arrangement,” HHS explains. “If termination of the contract or agreement is not feasible, a Covered Entity is required to report the problem to HHS Office for Civil Rights.”1

Where Can I Get a Business Associate Agreement?

Good news! We offer a FREE Business Associate Agreement template on our site. Click the button below and enter your email to receive your BAA today.

Remember, having this agreement is only one piece of the compliance puzzle. To be fully compliant, you must complete a Risk Assessment, maintain current copies of all documents required by HIPAA, train your staff, and more. Our HIPAA Prime program does all this and more, ensuring compliance for your business.

To learn more or get started, email today.

https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
http://searchsecurity.techtarget.com/definition/business-associate
https://www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__
https://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

For which of the following is a business associate contract not required bank?

A business associate contract is not required with persons or organizations whose functions, activities, or services do not involve the use or disclosure of [PHI], and where any access to [PHI] by such persons would be incidental, if at all.

Which of the following would not be classified as a business associate?

Who Is Not a Business Associate? Persons and entities that are part of a covered entity's workforce are not considered business associates.

Who is not a business associate under HIPAA?

What Is a “Business Associate?” A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity's workforce is not a business associate.

Is a business associate agreement required?

The HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information.

business associate contract required

Related Posts

How many credits are required to get an associates degree
How many credits are required to get an associates degree

How to change google business account to personal account
How to change google business account to personal account

What does milton friedman believe to be the sole responsibility of business
What does milton friedman believe to be the sole responsibility of business

Best way for small business to accept credit card payments
Best way for small business to accept credit card payments

Does a business credit card affect your personal credit score
Does a business credit card affect your personal credit score

Where to buy ice scramble powder
Where to buy ice scramble powder

How do i check my business credit score free
How do i check my business credit score free

Short term disability insurance for small business owners
Short term disability insurance for small business owners

How to turn your instagram account into a business account
How to turn your instagram account into a business account

How to create a business facebook page with personal account
How to create a business facebook page with personal account

Advertising

LATEST NEWS

Where to find your agi on 1040
1 years ago . by DeplorableRegulator
How to write your name on an envelope
1 years ago . by LucidShaving
Basset hound puppies for sale arizona
1 years ago . by SaneConsultancy
Does pumpkin stop a dog from eating poop
1 years ago . by SkilledTraveler
Put your trust in god not man bible verse
1 years ago . by SanguineSchoolboy
How long does alcohol stay in system for urine test
1 years ago . by AghastAccessibility
Where can i watch how to train your dragon 3
1 years ago . by MaximumAnnoyance
Free youtube video download app for iphone
1 years ago . by ErrantStorey
Used pop up truck campers for sale near me
1 years ago . by TreasuredApplause
I count the days till i see you again
1 years ago . by PeculiarPoliceman

Advertising

Populer

Advertising

About

Legal

Help

Social

homeendejahikoptzhth
Copyright © 2024 en.ketajaman Inc.