Warning: Use of undefined constant REMOTE_ADDR - assumed 'REMOTE_ADDR' (this will throw an Error in a future version of PHP) in /home/thefamousguju/anandmpatel.com/wp-content/plugins/antiscraper/antiscraper.php on line 18

When Do You Need A Hipaa Business Associate Agreement

2. Explain the limits of liability of the covered company. Some covered companies or business partners insist on business partnership agreements because they mistakenly assume that they are liable on behalf of the entrepreneur`s HIPAA violations. HIPAA makes it clear that covered companies or business partners are only liable for the actions of their business partners or subcontractors if the business partner or subcontractor acts as a representative of the covered company, i.e. the target company had the right to control the actions of the business partner or subcontractor. (45 CFR 160.402(c); 78 FR 5581). The parties may evade their liability as executing agents by ensuring that any contract between them clearly identifies the business partner or subcontractor as an independent contractor and not as an agent and that the company concerned does not control the actions or operations of the business partner or contractor. (78 FR 5581). To this end, an overly restrictive business partnership agreement may effectively go against the entity concerned, as it may suggest an agency relationship or give the covered entity greater control over the entrepreneur`s actions. (Frequently Asked Questions (“FAQ”), available at www.hhs.gov/ocr/privacy/hipaa/faq/index.html). Similarly, `the mere sale or supply of software to a covered entity does not create a business partner relationship if the supplier does not have access to the [PSR] of the covered entity`. (Id.). Companies that wish to evade the obligations of business partners may wish to include a provision in their service contracts that confirms that they do not need PHI to perform their functions and that their customers, who are covered companies or business partners, do not provide the Company with a PHI (or, as described below, an unencrypted PHI) without the prior consent of the Company.

Not all of these services have to manage your customers` information. However, some of them, like an email provider like Hushmail, could eventually handle phi. If you are a covered entity, this PHI must be protected. 4. Condition of the Commercial Partnership Agreement. If the covered entity still insists on a business partner agreement, the business partner or subcontractor can minimize its risk by reviewing a business partner agreement to the company`s business partner status as a business partner, i.e. the business partner assumes responsibilities if and to the extent that it is a business partner within the meaning of hipaa. While this is an imperfect solution, it could at least allow the company to avoid regulatory penalties if it`s really not a business partner. For example, suppose you share ePHI with another company to provide the services provided to a covered company, you must sign a business partnership agreement with the third party. .