Contracts with business partners. The contract or other written agreement of a covered entity with its counterparty must contain the elements referred to in 45 CFR 164.504(e). For example, the contract must: describe the authorized and required use of the health information protected by the business partner; provide that the business partner does not use or disclose protected health information other than to the extent permitted or contractually prescribed or required by law; and request the business partner to take appropriate security precautions to prevent protected health information from being processed or otherwise contracted. If a Covered Entity becomes aware of a material breach or breach of the Agreement or Agreement by the Business Partner, the Covered Entity is required to take reasonable steps to remedy the breach or terminate the breach, and if such steps fail, to terminate the Agreement or Agreement. If termination of the contract or agreement is not possible, a covered entity must report the issue to the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS). Please see our Standard Business Partnership Agreement. HIPAA defines business partners as a person or entity that provides services to a covered company that include disclosure of PSRs. Companies that are considered trading partners when working with covered companies are: What is a “trading partner”? A “Business Partner” is a natural or legal person who performs certain functions or activities that involve the use or disclosure of protected health information on behalf of or services provided to a relevant company. A staff member of the covered company is not a business partner. An insured health care provider, health care plan, or health care exchange house may be a business partner of another covered entity. The Privacy Policy lists some of the features or activities, as well as the respective services that make a natural or legal person a business partner if the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a natural or legal person a business partner include payment or health activities, as well as other functions or activities regulated by the administrative simplification rules. Exceptions to the Business Partner Standard.
The privacy policy contains the following exceptions to the business partner`s standard. See 45 CFR 164.502(e). In such situations, a relevant undertaking shall not be required to enter into a business partnership agreement or other written agreement before protected health information can be disclosed to the natural or legal person. Some companies may or may not be considered business partners, depending on the information they access as part of their service contract: there are many examples of online business partnership agreements, but it is important to be careful before using such models, as they may have been designed for a different relationship. Each BAA must be adapted to the uniqueness of the relationship between the covered company and the respective covered company. By law, the HIPAA privacy rule only applies to covered companies — health plans, health care clearing houses, and certain health care providers. .