Matching contracts. The contract of a covered company or any other written agreement with its counterparty contains the elements covered in paragraph 45 CFR 164.504 (e). The contract must, for example. B Describe the authorized and necessary use of health information protected by the counterparty; provide that the counterparty will not continue to use or disclose protected health information, with the exception of the contract or the law; and require the counterpart to adopt appropriate security measures to prevent the use or disclosure of protected health information that is not provided for by the contract. If a covered entity is aware of a significant violation or violation by the counterparty of the contract or agreement, the covered entity is required to take appropriate steps to correct the violation or terminate the violation and if such measures are inconclusive, to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered company is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Please consult our standard contract for business partners. If SOM services enter into agreements with external providers regarding the provider`s access or disclosure of information considered PHI, in accordance with the Health Information Privacy and Portability Act (HIPAA), a BAA is required. The SOM is the covered entity (depository of information) and the business partner is the seller (which provides services to the SOM).
o make available to the Secretary his internal practices, books and records relating to the use and disclosure of protected health information received or created or received by the counterparty on behalf of the insured company, in order to determine compliance with that party by the entity concerned. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of « Business Associate » at 45 CFR 160.103. The transitional period for the adoption of matching agreements updated in accordance with the Health and Accounting Act (HIPAA) expires on September 22, 2014. The purpose of a matching agreement is to outline your BA`s responsibility to keep your PHI private and secure. The BAA represents the expectations and requirements of both parties – you and your BA. It is a legally binding document. Last fall, the matching agreement provisions under the HITECH Act came into effect.
Many covered companies have used models and models proposed by professional companies and the Department of Health and Human Services, but it is increasingly clear that « model » agreements were simply a « stopgap » measure and that organizations that use BAAs must conduct ongoing document audits and adapt the language to the individual needs of their business. After the implementation of updated counterparty agreements for grandfather agreements, it would be desirable to develop a practice of maintaining a protocol or a calculation table that followed the actual/renewal data of these agreements and the underlying service agreements.