This BUSINESS ASSOCIATE AGREEMENT (this “BA agreement”) is entered into by and between EYEFINITY, INC., a Delaware company (“EF”), and the Eye Care Provider (“Covered Entity”) which uses Eyefinity's software products and services (the “products and services”). EF and the Covered Entity may be individually referred to as a “party” and collectively as the “parties.” Capitalized terms used in this BA agreement without definition have the meanings attributed to these terms by the “Administrative Simplification” section of the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act and their implementing regulations, as amended from time to time (“HIPAA”).
(OCR Frequently Asked Questions (“FAQ”), available at www.hhs.gov/ocr/privacy/hipaa/faq/index.html). Similarly, “the simple sale or provision of software to a registered business does not result in a business relationship if the seller does not have access to the [PHI] of the registered business.” (Id.) Companies wishing to avoid business associate obligations may wish to include in their service contracts a provision confirming that PHI is not required to perform their functions and that their customers, who are covered entities or business associates, will not make PHI (or, as explained below, unencrypted PHI) available to the company without the prior approval of the entity.
The most comprehensive source of information about HIPAA is the HHS website. However, since HHS cannot cover all possible relationships between a covered entity and a business associate, some of this information may be difficult to track down and interpret. For specific advice on specific circumstances, it is recommended to ask for professional HIPAA compliance assistance.
We talk to development shops and suppliers who always get this wrong. Here are three of the most common false beliefs we hear:
1. Entities that do not create, receive or transmit PHI.
If you want to avoid business associate obligations, the safest way is to make sure that you are not processing PHI on behalf of a covered entity or a business associate of a covered entity. Accidental receipt of or accidental access to PHI outside of your contractual duties does not result in any business associate obligation.
The OCR stated:
Real world example: Covered entity (CE) is implementing interfaces between Vendor A (my client) and Vendor B. Note that there is no underlying agreement between Vendors A and B. The CE wants interoperability to be simple and for a business associate agreement (BAA) to be properly implemented with each vendor. However, Vendor B gave the CE a subcontractor agreement (Sub BAA) between Vendor B and Vendor A and instructed the CE to have it signed as a subcontractor to continue the project. I advised Vendor A not to sign the Sub BAA because it was not suitable for the situation.
Covered entities may be fined for not entering into a HIPAA business associate agreement or for entering into an incomplete agreement, while under HITECH (78 FR 5574) business associates are required to comply with the HIPAA Security Rule even if no HIPAA business associate agreement is reached.
7. Entities that are only “conduits” for PHI.
Companies that transfer PHI to a covered entity are not business associates when they are not required to regularly access the PHI, i.e. they are only “conduits” of the PHI (for example, Internet service providers, telephone companies, etc.). (45 CFR 160.103; 78 FR 5571; 65 FR 82476).
(78 FR 5574). These “reasonable assurances” can be obtained through a limited confidentiality agreement; a full-fledged business associate agreement is not necessary. There are a few exceptions to the requirement to sign a business associate agreement. These include specialists to whom a hospital refers a patient and transmits the patient's medical chart for treatment, laboratories to which a physician discloses a patient's PHI for treatment, and the disclosure of PHI to a health plan sponsor, such as an employer, through a group health plan.