[Option 1 – if the counterparty is to return or destroy all protected health information after the termination of the contract] Do Business Associate Agreements need original signatures? Or can I fax the agreement, have it signed and faxed? HIPAA requires insured entities to cooperate only with trading partners that guarantee full protection of the PHI. These assurances must take the form of a contract or other agreement between the insured company and BA.1 A “counterparty” is a natural or legal person, with another person in an insured company, who performs functions or activities on behalf of an insured business or who provides certain services that include the consideration`s access to protected health information. A “business partner” is also a subcontractor that creates, receives, manages or transmits protected health information on behalf of another counterparty. HIPAA rules generally require covered companies and counterparties to enter into contracts with their trading partners to ensure that counterparties properly protect health information. The counterparty contract is also intended to clarify and, if necessary, limit the use and disclosure permitted by the counterparty of protected health information on the basis of the relationship between the parties and the activities or services of the counterparty. A counterparty may only use or disclose protected health information to the extent that its counterparty contract is authorized or required or required by law. A counterparty is directly responsible under HIPAA rules and is subject to civil and, in some cases, criminal penalties for the use and disclosure of protected health information that is not authorized by the treaty or prescribed by law. A trading partner is also directly responsible and is subject to civil penalties if it does not protect health information protected electronically in accordance with the HIPAA safety rule. However, if you are still not able to do so as long as you have something to come to an end, which has been forwarded to requests and other parties who may need to be aware of this termination, then you agree. Instead, ask them to sign a confidentiality agreement.
We include these points in the confidentiality agreements we offer to our customers: once secure companies, business partners and business partners have identified their relationship, we must ensure that third parties protect the PHI they receive. A signed agreement proves that the BA knows that they must manage THE PHI. (a) [optional] The entity concerned informs the counterparty of any restrictions (s) in the notice of the data protection practices of the covered entity in accordance with 45 CFR 164.520, as this restriction may affect the use or disclosure of health information protected by counterparties.