There are many HIPAA business association agreement templates available, but as a precautionary measure before they are used. Before using such a model, you should check for which model was designed to make sure it is relevant. It should also be customized to meet all the requirements of the covered company. Some covered companies have taken a “safer than sad” approach to addressing their definitional problems, and have entered into agreements with all the companies with which they have business relationships, whether necessary or not. Recent studies funded by the California Healthcare Foundation have shown that many companies unnecessarily enter into agreements with other covered companies and also enter into agreements with suppliers who did not have access to the PHI and would probably never do so. In one case, a covered company asked its landscaper to sign a HIPAA business partnership agreement. After the end of this agreement for some reason, Business Associate is returned to covered companies [or, if agreed by covered companies, destroying] any health information protected by companies covered, or created, maintained, or received by trading partners on behalf of the covered entity that the counterparty still manages in any form. The counterparty must not keep copies of the protected health information. While it is almost always necessary for a counterparty to sign an agreement with an insured company when an ePHI counterparty creates, receives, maintains or transmits on behalf of the insured company, if it does not offer covered service to the covered company (i.e. a landscaper), the business is not a consideration and no agreement is required. The counterparty agreement is a contract that defines the types of protected health information (PHI) made available to the counterparty, the authorized uses and disclosures of PHI, the measures to be implemented to protect this information (for example. B encryption at rest and during transmission), and the measures that the BA must take in the event of a security breach the PHI is available. The most comprehensive source of information about HIPAA is the HHS website.
However, since HHS cannot cover all possible relationships between a covered company and a counterparty, some of this information may be difficult to track and interpretable. For specific advice on specific circumstances, it is recommended to ask for professional hipaa compliance assistance.