The BAA template provided here (tk insert link to pdf) is generalized. Any actual use of such an agreement requires adaptation to the specific needs of the organization. Here are some additional considerations that a company can take into account when creating its own specific contract. However, the tide turns when and if it can be proven that you know about the breach of contract. HIPAA regulations state that companies that discover a breach by a trading partner must either correct the error or terminate the BAA. If they don`t, they share responsibility for the violation with the partner. From award-winning HIPAA training to contracts and agreements, we can meet your needs to help protect your business. Business partners are any organization or person who creates, transmits, receives or maintains PSRs on behalf of a Covered Entity or on behalf of the Business Partner of a Covered Entity. A HIPAA business partnership agreement doesn`t have to be a stand-alone contract.
Companies and organizations that work with covered entities must sign a BAA. General provision. The confidentiality rule requires that a covered entity receive satisfactory assurances from its business partner that the business partner is adequately protecting the protected health information it receives or creates on behalf of the covered entity. Satisfactory assurances must be given in writing, whether in the form of a contract or other agreement between the targeted entity and the business partner. At Aptible, we get a lot of questions about HIPAA business partnership agreements, or “BAAs.” This article discusses some of the essential concepts that cloud-hosted software development organizations should know about BAAs. BAAs must be signed by all covered entities when their trading partner processes PSRs that first pass through the covered entity. Below is a list of entities covered. For more information, see HHS.gov entities covered by HIPAA. However, if the covered company has exercised its due diligence before entering into an agreement, such situations are rare. Assuming that the Covered Company has fulfilled its duty of care, it is unlikely that the Covered Company will be found guilty if a supplier violates the BAA and violates HIPAA in any way. .