A business partner should also be drawn to the consequences of non-compliance with HIPAA requirements. The counterparties may be directly sanctioned by the authorities for the supervision of hip-hop offences. Both the Office of citizens` rights of the Department of Health and Human Services and the Attorneys General have the power to impose fines for violations of HIPAA rules. HIPAA requires insured entities to cooperate only with trading partners that guarantee full protection of the PHI. These assurances must take the form of a contract or other agreement between the insured company and BA.1 [The parties may add additional features with respect to the counterparty`s injury notification obligations: for example. B a stricter period for consideration in order to report a possible violation to the company concerned and/or whether the counterparty will deal with infringement notifications to individuals, the HHS Office for Civil Rights (OCR) and possibly the media on behalf of the insured unit.] In the event of a violation or non-compliance with a BAA by a counterparty/subcontractor, the covered unit must take appropriate measures to remedy the infringement or terminate the infringement. “If such measures fail, they must terminate the contract or agreement,” HHS explains. “If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights.” 1 [The parties may add specificity to how the counterparty will respond to a request for access that the consideration receives directly from the person (for example. B if a counterparty is to grant the requested access or if the counterparty transmits the person`s request to the entity concerned, and the time within which the counterparty transmits the information to the entity concerned.] You need to be able to identify your employee classification before you know what HIPAA requires. In accordance with the definition of the Health Information Portability and Accountability Act (HIPAA), a counterparty is any organization or person, Who works in conjunction with an insured unit or provides services that generate, process or dividing protected health information (PHI).2 If PHI is accessed under the responsibility of the counterparty by persons who are not authorized to disclose the information, the counterparty is required to inform the unit concerned of the violation and may be required to send notifications to persons who have been compromised.
The timing and reporting responsibilities should be detailed in the agreement.