This is just one example of language and the use of these examples is not necessary to comply with HIPAA rules. The language may be modified to more accurately reflect trade agreements between a counterparty or counterparty or subcontractor. In addition, these provisions or similar provisions may be included in a service agreement between a counterparty or counterparty or a subcontractor or in a separate counterparty agreement. These provisions relate only to the concepts and requirements defined in the rules of data protection, security, infringement and enforcement of hipaa legislation and may not be sufficient on their own to achieve a binding contract under national law. They do not contain many formalities and material provisions that may be required or contained in a valid contract. The use of this sample may not be sufficient to respect state law and may not replace consultation with counsel or negotiations between the parties. A HIPAA counterparty agreement is a contract between a company covered by HIPAA and a creditor used by that company. A company covered by HIPAA is usually a health care provider, health plan or clearing house in the health sector, which conducts transactions electronically. A supplier of a company covered by HIPAA, which must receive Protected Health Information (PHI) to perform tasks on behalf of the covered entity, is designated as a business partner (BA) under HIPAA. A provider is also classified as BA when, as part of the services provided, electronicPHI (ePHI) passes through their systems.

A signed HIPAA counterparty agreement must be obtained by the covered unit before a business partner can contact the PHI or ePHI. If you hire a subcontractor and the contractor comes into contact with a PHI, you must execute a BAA between the two of you. The data protection rule stipulates that all counterparty contractors must consent to restrictions identical to those of the original counterparty. For many covered companies, it is not always clear who is subject to a HIPAA business partnership agreement. The Department of Health and Human Services defines a counterparty as “a person or organization that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of a covered company or that provide services to a covered business.” Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we make available to our customers: HIPAA requires insured companies to collaborate only with business partners ensuring full protection of PHI. These assurances must take the form of a contract or other agreement between the insured company and BA.1 A “counterparty” is a natural or legal person, with another person in an insured company, who performs functions or activities on behalf of an insured business or who provides certain services that include the consideration`s access to protected health information. A “business partner” is also a subcontractor that creates, receives, manages or transmits protected health information on behalf of another counterparty. HIPAA rules generally require covered companies and counterparties to enter into contracts with their trading partners to ensure that counterparties properly protect health information. The counterparty contract is also intended to clarify and, if necessary, limit the use and disclosure permitted by the counterparty of protected health information on the basis of the relationship between the parties and the activities or services of the counterparty.