(g) [optional] Counterparties may provide data aggregation services related to the health activities of the covered company. 5. If the counterparty uses subcontractors or other entities to provide services to the registered business in which PHI is involved, you enter into matching agreements with the subcontractors. (45 CFR 164.314 (a) and 164,504 (e)). What is a business associate? „counterparty“: a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered company or that provide services to a covered business; An insured company staff member is not a business partner. A covered health care provider, health plan or health care clearinghouse may be a counterpart to another insured company. The data protection rule lists some of the functions or activities and related services that make an individual or organization a business partner when the activity or service involves the use or disclosure of protected health information. The types of functions or activities that can make an individual or organization a counterpart include payment or health transactions, as well as other functions or activities governed by administrative simplification rules. The counterparty agreement is a contract that defines the types of protected health information (PHI) made available to the counterparty, the authorized uses and disclosures of PHI, the measures to be implemented to protect this information (for example. B encryption at rest and during transmission), and the measures that the BA must take in the event of a security breach the PHI is available. Become HIPAA CompliantAttract new customers and grow your business.
Avoid counterparty requirements. Given the cost of compliance and penalties for violations, companies may want to avoid becoming a „counterpart“ or executing matching agreements if possible. The following counterparties are not counterparties and may object to the implementation of a counterparty agreement: 2. Staff members of a company. A company`s staff members are not business partners of the company, including „employees, volunteers, interns and others whose conduct while performing work for an insured company or counterparty is under the direct control of that unit or consideration, whether or not they are paid by the insured unit or by a consideration.“ CFR 160.103).