Remember that if your counterparty agreements are up to date, you may not have to execute an entirely new agreement to ensure compliance with the rules or make changes to existing provisions. Creating addenda that meet new requirements is acceptable and can keep you compliant. The most important point is that all your counterparty agreements are up to date, contain the most important provisions and comply with the standards of all applicable federal laws. By regularly reviewing agreements, you avoid any misunderstandings that can lead to significant sanctions and other consequences. Transitional provisions for existing contracts. Covered companies (with the exception of small health plans) that are covered before 15 Under this contract, existing contracts (or any other written agreement) with counterparty may continue to work for up to an additional year beyond the compliance date of 14 April 2003, unless the contract is renewed or amended before 14 April 2003. 2003. This transitional period applies only to written contracts or other written agreements. Oral contracts or other arrangements are not eligible for the transition period. Entities covered by eligible contracts may continue to operate under such contracts with their counterparties until April 14, 2004 or April 14, 2004 or until the renewal or amendment of the contract, whichever is earlier, whether or not the contract meets the applicable contractual requirements under 45 CFR 164.502(e) and 164.504(e). Otherwise, a data subject entity must comply with the data protection rule, for example.B.
only make permitted advertisements towards the counterparty and allow individuals to exercise their rights in accordance with the rule. See 45 CFR 164.532 (d) and (e). Sometimes an associate has his own BAA. Which one should you use, yours or his? Hipaa is silent about this. Nevertheless, it is typical for the hiring organization to dictate the terms of an agreement. For example, you would use your BAA with your business partner and the partner would use its BAA with its subcontractors. However, you will never accept a BAA with your BA`s subcontractors! Many experts agree that BAAs should be monitored at least once a year or more when they are taking place or when there are significant changes in the business relationship. According to the law, the HIPC data protection rule only applies to covered companies – health plans, clearing houses for healthcare and certain healthcare providers. However, most health care providers and health plans do not perform all of their health activities and functions themselves.
Instead, they often use the services of a large number of other people or companies. The data protection rule allows covered health providers and plans to transmit protected health information to these “counterparties” when suppliers or plans receive satisfactory assurances that the counterparty is only using the information for the purposes for which it was mandated by the covered entity, protects the information from abuse and helps the covered company to meet some of the obligations of the covered company, in accordance with the data protection rule. . . .