"I worked with cloud service providers who were trying to understand, 'Can we inadvertently become a business partner?' The answer is yes, and it's not a comfortable result," Christiansen says. Simply put, business associate agreements (BAAs) are legal contracts required under existing federal legislation, in particular HIPAA [2], in certain circumstances, to ensure that parties protect the privacy and security of protected health information (PHI) within the meaning of HIPAA [3]. In particular, HIPAA generally requires covered entities to enter into BAAs when they hire a business associate to assist in health activities and functions [4]. HIPAA business associates must also enter into BAAs with their subcontractors. BAAs must be entered into at or before the time the business associate takes on services for or on behalf of the HIPAA covered entity or business associate. They are often boring, dense and technical, but BAAs are important from both a legal and a commercial point of view, and they deserve our attention. Failure to enter into a BAA when one is required may constitute a HIPAA violation that results in significant liability, as shown by some recent settlements by the Department of Health and Human Services (HHS) [1]. A business associate who makes a disclosure that is not authorized by the applicable BAA or by law may be subject to civil penalties and, in some cases, criminal penalties. In addition, parties are often subject to BAAs that contain one-sided, burdensome compensation clauses and other provisions that could seriously damage an organization in the event of a HIPAA violation.
Other factors that the parties should take into account are a cap on the amount paid in the event of compensation, a time limit on the period of compensation, a clear definition of the scope of activities subject to compensation, and the mutual applicability of the compensation clause (i.e., a requirement that the covered entity also compensate the business associate in the event of a violation caused by the covered entity). A HIPAA Business Associate Agreement (BAA) defines your business associate's obligations to protect your data. The previous blog gave an overview of BAAs. Let's look at six important provisions of the BAA: Business associate (BA) agreements are contracts between covered entities and business associates, or between business associates and their subcontractors.
These agreements define the responsibilities of each party under HIPAA to ensure that protected health information (PHI) is protected. BA agreements are also used to clarify the authorized uses and disclosures of PHI based on the relationship between the parties and the services provided. In a compensation clause, the compensating party (the BA) agrees to cover your organization's obligations if the BA's actions result in damages. You don't need to have a compensation clause in your BAA. However, some organizations include this clause to protect against losses caused by the BA's non-compliance with HIPAA. While you are negotiating your BAA, you should consult a lawyer to find out whether the compensation clause should be included. As noted above, entering into BAAs must become routine for many HIPAA covered entities and business associates, but these contracts must be taken seriously. Careful attention to HIPAA BAA provisions and the compliance obligations related to them at the beginning of a relationship can avoid significant legal and financial challenges in the future.