Similarly, counterparties must have a matching agreement with their SROs. The BA and BAS agreements are almost identical, so the main difference is the definition of the category. In addition to Aptible or another host, you`re probably using a number of third-party application and workflow services to create your products and run your business. You can use z.B. Twilio to send SMS, mailgun for transactional emails, mixpanel for analysis, AWS RDS for your database, Papertrail for logging, Slack for internal communications, Gmail for email, etc. Some of these suppliers will sign BAAS, others will not. Contractors who work exclusively for your business, individuals with other customers, and employees hired through a company are not business partners. However, your company is liable if one of these people violates the PHI. Since the passage of the Economic and Clinical Health Information Technology Act (HITECH) in 2013 and its inclusion in HIPAA through the Hipaa Omnibus Final Rule, subcontractors employed by business partners are also required to comply with HIPAA. A counterparty must also obtain a HIPAA counterparty agreement signed from its subcontractors before accessing the PHI or ePHI. When subcontractors use creditors who need access to the PHI or ePHI, they must also enter into matching contracts with their subcontractors.
C. What are the provisions to be included in a matching agreement? Counterparties are any organization or person who establishes, transmits, receives or entertains PHI on behalf of an insured business or on behalf of the counterparty of an insured business. There are a few exceptions to the requirement to sign a counterparty agreement. These include specialists to whom a hospital refers a patient and transmits the patient`s medical card for treatment, laboratories to which a physician discloses a patient`s PPH for treatment, and the disclosure of PHI to a health plan sponsor, such as an employer, through a collective health plan. Companies and covered counterparties should also review the terms of their agreement to ensure that each agreement complies with the legal and administrative provisions and provisions of the contract itself. Businesses must ensure that they have taken steps to implement procedures and guidelines to comply with the necessary safeguards for the PHI and receive the agreed insurance coverage amounts and insurance policies required in accordance with the agreement. Note: If a business partner delegates an activity to another entity, that entity is considered a counterparty to a subcontractor – the same rules apply.
