Apgar also came across a customer who is disoriented by his status. “They do a fax service. You don`t keep the data for more than 15, 20 days, but you may need access to the data. You`re still a business partner,” he says. Step forward a few years. The Hitech law came on stage, and it became more serious. Covered companies (CEs) were required to inform individuals, the media and health and human health services in the event of a violation of the PHI. And the DAs are now under the responsibility of the Civil Rights Office (OCR). Responsibility is no longer solely on CEs to ensure the privacy and security of PIs. This meant that the CEs and BAs had assumed the same responsibility to secure a BA agreement. In summary also, a “counterpart” is a person who, on behalf of a covered entity, establishes, manages, manages or transmits specific functions or activities such as claims processing and management, data analysis, processing or management, utilization verification, quality assurance, certain patient safety activities, billing, profit management, practice management and reassessment; or (b) provides legal, actuarial, accounting, advisory, data aggregation, administration, accreditation or financial services to the covered entity or to that agency, where the provision of the service involves the disclosure of PHI. It is also important to have a provision for termination of the contract. In short, it protects one party if the other is in serious violation of the agreement.
“If a party is injured,” Says Apgar explains, “you may want to give them a few days to find out, but if the violation persists, you want the opportunity to terminate the contract.” Other factors that counterparties should take into account are the cap on the amount paid in the event of compensation, the setting of a deadline for the period of compensation, a clear definition of the extent of activities subject to compensation, and the mutual applicability of the compensation clause (i.e., the requirement for the entity concerned to compensate for the consideration in the event of an infringement caused by the unit). 1 See in particular the most recent settlements with the Center for Children`s Health, the New England Health System and the Raleigh Orthopaedic Clinic, P.A. of North Carolina. www.hhs.gov/hipaa/newsroom/index.html?language=es. 2 For the purposes of this article, “HIPAA,” reference is made to the Health Insurance Portability and Accountability Act of 1996 and to all changes or procedures of application (including data protection, See 45 CFR 160.103 and 45 CFR 164.504.4 45 CFR 164.504 45 CFR 164,504 www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html. 6 45 CFR 160.103.7 www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/Downloads/CoveredEntitiesChart20160617.pdf 8 See 45 CFR 160.103. See also www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html and www.hhs.gov/hipaa/for-professionals/faq/business-associates.9, Chapter 45, Chapter 164, Sub-Part E of the Federation Code.10 Title 45, Chapter 164, Sub-Part C of the Federation Code.11, Title 45, Chapter 164, Paragraph D, of the Federal Order Code.12 See 45 CFR 164.524.13 See 45 CFR 164.526.14 See 45 CFR 164.528.