Business Associate Agreement Training

The training courses can be delivered on site and/or can be consulted electronically on the Internet. The training provides the basics of ad compliance with HIPAA rules that apply to your specific role in managing protected health information. HipAA trainings on the data protection rule begin with the implementation by a counterpart of certain policies and protection measures that are provided for by the data protection rule for the companies covered. These directives and procedures include transitional provisions for existing treaties. Covered companies (with the exception of small health plans) that entered into an existing contract (or other written agreement) with counterparty before 15 October 2002 may continue to work for up to an additional year beyond the compliance date of 14 April 2003, unless the contract is concluded before 14 April 2003 and is extended or amended. This transitional period applies only to written contracts or other written agreements. Oral contracts or other arrangements are not eligible for the transition period. Entities covered by eligible contracts may continue to operate under such contracts with their counterparties until April 14, 2004 or April 14, 2004 or until the renewal or amendment of the contract, whichever is earlier, whether or not the contract meets the applicable contractual requirements under 45 CFR 164.502(e) and 164.504(e). Otherwise, a data subject entity must comply with the data protection rule, for example.B. only make permitted advertisements towards the counterparty and allow individuals to exercise their rights in accordance with the rule. See 45 CFR 164.532 (d) and (e). 1.

Determine if the counterparty rules apply. Out of ignorance or prudence, the companies concerned may ask certain companies to sign counterparty agreements, although the company is not a “counterparty” within the meaning of the HIPC. Undertakings should avoid making counterparty commitments or entering into counterparty agreements where they are not actually counterparties. It is significant that they are not counterparties: (i) companies that do not create, maintain, use or disclose PHI in the provision of services on behalf of the covered entity; (ii) members of the staff of the undertaking covered; (iii) other health care providers in the process of treatment; (iv) members of organized health care; (v) companies that use PHI to provide services on their own behalf and not on behalf of the covered entity; and (vi) Companies that are only channels of the IHP.18 For more information on the prevention of counterparty agreements, see this link. Ask them to sign a confidentiality agreement. We insert these points into the confidentiality agreements we provide to our customers: 2. Execution and compliance with valid business agreements. Companies that are counterparties must execute and execute written counterparty agreements, which essentially require the counterparty to respect the privacy of THE PHI; limit the counterparty`s use or disclosure of PHI to the purposes authorized by the covered entity; and help covered companies respond to individual requests for their PHI.19 The OCR has published on its website an example of counterparty agreements: A supplier is also considered a counterparty when ePHI passes through its systems as part of the services provided.

A HIPAA SIGNED counterparty agreement must be obtained from the covered entity before a counterparty can contact PHI or ePHI….

Pin It