For some credit institutions, you only need a Service Level Contract (SLA). However, for lenders that create, receive, manage or transfer POs on behalf of your organization (“business partners”), you must have an associate agreement next to ALS. Even if your provider can`t view the PHI (z.B because it`s encrypted), you still need a BAA with it. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of “Business Associate” at 45 CFR 160.103. The contract must describe the authorized and necessary use of health information protected by the counterparty; provide that the counterparty will not continue to use or disclose protected health information unless the contract is authorized or required or required by law; require the counterparty to adopt appropriate safeguards to prevent the misuse or disclosure of protected health information that is not provided for by contract. Each party in the chain is legally and contractually obligated to protect the PHI and manage it to the same extent as the obligations of the company covered at the top of the chain. Therefore. B, if a covered company is a hospital and that hospital has a 24-hour injury report, each link (or business partner) of that chain must also report the injury report 24 hours a day in its BAAs. Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we make available to our customers: your BAA is valid as long as the supplier contract is in effect. However, if there is a change in ALS that affects your BA`s use or disclosure of PHI, you must tailor your BAA to new uses and advertisements.
As mentioned above, you may also need to amend your BAA to respond to legislative changes. The purpose of a matching agreement is to outline your BA`s responsibility to keep your PHI private and secure. The BAA represents the expectations and requirements of both parties – you and your BA. It is a legally binding document. You need to be able to identify your employee classification before you know what HIPAA requires. According to the definition of the Health Information Portability and Accountability Act (HIPAA), a business partner is any organization or person who works or provides services in relation to a covered entity, that generates, processes or discloses protected health information (PHI) 2 Since you must continue to develop your practice and implement additional services, you may find yourself in a situation where a service is a service that offers a NO. not the obvious best financial choice.