BAAs comply with both HIPC rules and the obligation of liability between the two parties. If one party violates a BAA and discloses PHI, the other party has a lawsuit. If there is no BAA, if it is incomplete, or if the agreement is blatantly violated, both staff members may be in the crosshairs of the Department of Health and Human Services, the Office of Civil Rights, and perhaps even the Department of Justice. No, your staff members are not your business partners, but you are responsible for monitoring their access to PHI and training them in security and data protection practices. Your “staff” includes paid employees, but also volunteers, apprentices, temporary workers and all others under your direct control. “BAA” is an acronym for “Business Associate Agreement,” an industry term for what HIPAA rules call a “business associate contract.” The same thing. If you engage a subcontractor and that contractor comes into contact with a PHI, you must perform a BAA between the two of you. The data protection rule stipulates that all counterparty contractors must agree to restrictions identical to those of the original counterparty. www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.htmlsearchsecurity.techtarget.com/definition/business-associatewww.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates__www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html (b) dismissal for unfounded reason. The counterparty shall authorize the termination of this Agreement by the Covered Entity if the Covered Entity finds that the Counterparty has breached an essential provision of the Agreement [and that the Counterparty has not cured or terminated the Breach within the period specified by the Covered Entity]. [A language in parentheses may be added if the undertaking concerned wishes to give the counterparty the opportunity to remedy a breach or breach of contract prior to termination for an indispensable reason.] An “agent” in the legal sense of the word is someone who acts as you.

For the purposes of notification of a breach, you are responsible for the discovery of an infringement by an agent, as well as the legal consequences of their actions. Almost all subcontracts or supplier contracts expressly oppose an agency relationship between the parties. A BAA where all your subcontractors must be your agents is useless, dangerous and probably impossible to comply with. The functions and activities of counterparties include: claims management or management; data analysis, processing or management; verification of use; quality assurance; settlement of accounts; performance management; practice management; and reassessment. the counterparty services are: legal; actuarial; accounting; counselling; data aggregation; management; from an administrative point of view; accreditation; and financially. See the definition of “counterparty” in 45 CFR 160.103. . .

.