Organizations that are considered mere “lines” are an exception because they pass through the PHI but do not have access to it. But this exception is quite narrow — it affects postmen, ISPs and not much else. HIPAA also offers exceptions for maintenance staff if its exposure to the PHI is incidental. In other words, a concierge wouldn`t normally need a BAA, but your Sysadmin would probably do. If in doubt, sign a HIPAA business association agreement. Counterparties` functions and activities include: processing or managing receivables; Data analysis, processing or management Checking usage Quality assurance Settlement of accounts Benefit management Practice management and reassessment. The services provided by trading partners are: legal; actuarial; Accounting; The council data aggregation Administration From an administrative point of view Accreditation and financially. See the definition of “Business Associate” at 45 CFR 160.103. For some credit institutions, you only need a Service Level Contract (SLA). However, for lenders that create, receive, manage or transfer POs on behalf of your organization (“business partners”), you must have an associate agreement next to ALS. Even if your provider can`t view the PHI (z.B because it`s encrypted), you still need a BAA with it.
As a result of the HITECH Act and recent amendments to the omnibus rule, counterparties1 of covered companies must comply with most of the HIPAA data protection and security rules, covered companies and counterparties must, among other things, execute agreements in which the counterparty agrees to comply with certain data protection and security provisions relating to protected health information (“PHI”). The omnibus rules also require registered companies to perform BAAs with companies that have not been considered counterparties in the past, including data storage companies and companies that must provide data transmission services and regularly access data.5, click here. For healthcare professionals, here is a short piece of information from Julie L. Hamlet and Ray H. Littleton of our Heath Care Law Group on business associate agreements and the need to consult your lawyer to avoid the consequences. Failure to enter into HIPAA-compliant counterparty agreements if necessary can result in heavy penalties for covered companies and counterparties.