SeoSeo7, the Gaplogic blog about SEO, SEM, online marketing and everything about search engine positioning.

When Does A Covered Entity Need A Business Associate Agreement

Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we offer to our customers: (78 FR 5574).

However, even if no business associate agreement is required because an entity assists the business associate in its own administrative functions, HIPAA limits the use or disclosure of PHI by the entity: when a service is engaged by a covered entity and the disclosure of [PHI] is not limited (for example, routine handling of records or shredding of documents containing [PHI]), it would probably be a business associate. However, when this work is done under the direct control of the covered entity (for example, on the premises of the covered entity), the Privacy Rule allows the covered entity to treat the service as part of its workforce, and the covered entity is not required to enter into a business associate contract with the service.

2. Workforce members of a covered entity. A covered entity's workforce members are not business associates of the covered entity, including "employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate" (CFR 160.103). To avoid business associate obligations, contractors may attempt to be classified as workforce members of the covered entity.

The OCR has stated that a HIPAA Business Associate Agreement is the best way to protect your practice or organization in the event of a breach at your supplier.

If you are not convinced, BAAs are prescribed by the HIPAA Security Rule. In principle, BAAs must include these provisions:

Any partner with whom you share PHI or ePHI during the work for which they were hired needs a Business Associate Agreement. A business associate contract is not required with persons or entities whose functions, activities or services do not involve the use or disclosure of [PHI] and for whom any access to [PHI] would be incidental, if at all. [For example], janitorial services that clean the offices or facilities of a covered entity are not business associates, since the work they do for covered entities does not involve the use or disclosure of [PHI], and any disclosure of [PHI] to janitorial staff in the performance of their duties (as can happen when garbage cans are emptied) is limited in nature, occurs as a by-product of their janitorial duties, and could not reasonably be prevented.

The purpose of a business associate agreement is to outline your BA's responsibility to keep your PHI private and secure. The BAA represents the expectations and requirements of both parties: you and your BA.

