Business Associate Agreement Requirements under Hitech

Business Associate Agreement Requirements under Hitech

Note: To understand the detailed requirements of the mandatory elements of a commercial partnership agreement, you should refer to the specifications of (2). The required elements require specific contractual wording. Suppliers are encouraged to seek advice regarding business partnership agreements. Do HITECH`s new requirements require that my business partnership agreement with your company be changed? What new requirements does HITECH impose on business partners? An updated Business Partnership Agreement is mandatory in the current regulatory and legal environment. If you don`t have a template to work with, or if your template isn`t a current version that meets the requirements of the HITECH Act, take a look at the business partner agreement template we recommend. In addition, the definitive Regulation clarifies that a subcontractor may not use PSRs in a manner not authorised by the business partnership agreement between the main trading partner and the covered entity. HHS explained that any agreement in the “chain of trading partners must be as strict or stricter” than agreements above it in the chain. Compliance schedule. HHS has given covered companies and business partners additional time to review their agreements in line with the new requirements. For agreements in effect on January 25, 2013, the parties have until September 22, 2014 to amend their agreements with trading partners, unless the parties renew or amend their current contracts between March 26, 2013 (the effective date of the Final Rules) and March 23, 2014. September 2013 (deadline for compliance with other provisions of the final regulation).

In these circumstances, the Trade Partnership Agreement must comply with the new rules by 23 September 2013. This is the second fact sheet released this year on HIPAA accountability. In April, ocr released a fact sheet on possible liability in relation to third-party health applications. In short, OCR and covered companies closely review and consider HIPAA liability, and all business partners should be aware of the potential for liability when entering into contracts with covered companies. In 2013, under the oversight of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), HHS enacted a final rule that held business partners directly responsible for certain HIPAA-related violations. According to the rule, the designation as a business partner does not depend on the existence of an agreement with the covered company. In addition, the rule extended the obligations to protect PHI to subcontractors of business partners. However, the scope and scope of direct liability of trading partners and the risk to state enforcement were not entirely clear. The purpose of this amendment is to align the COVERED ENTITY and the BUSINESS ASSOCIATE with the new HIPAA requirements for business partners under the Health Information Technology Act for Economic and Clinical Health (HITECH Act).

The HITECH Act requires that the new data protection and security requirements imposed on trading partners be incorporated into all new and existing business partnership agreements at an earlier stage: (1) then at the next extension, 23.09.2013 or (2) 23.09.2014. New obligations for trading partners. A revised section 164.504(e) expands the list of specific requirements for trading partner agreements to bind trading partners: These include existing civil penalties under HIPAA through the establishment of a multi-tiered penal system ranging from $100 per violation for ignorant violations to $50,000 per violation for “wilful negligence.” HITECH also expands the hipaA privacy rule enforcement provisions by giving attorneys general the ability to enforce violations with injunctions and civil damages. C. Reimburse the insured company for the reasonable cost of notification (required by hitech default notification regulations) of an PHI violation described in point 1.B which is not guaranteed. For example, a provider`s use of an Internet-hosted practice management and EHR application clearly implies the need for a business partnership agreement. In addition, even a non-hosted application may require a business partnership agreement if the software vendor accesses the system to provide technical support. In short, the increased use of technology by suppliers requires additional attention to be paid to relationships with business partners.

1Information Technology Act § 13402 (discussion of notification in case of breach). 2Information Technology Act § 13402(e)(2) (Discussion of opinion). 3Hitech Law § 13402(f) (discussion of the content of the notification). 4Grund is defined in § 160.401 as “circumstances which, despite the exercise of normal commercial diligence and prudence, would make it unreasonable for the targeted undertaking to comply with the infringed administrative simplification provision”. 5See summary of 45 C.F.R. . . .

Share this post