With increasing penalties, lower thresholds for reporting violations, and expanded enforcement, it is more important than ever for business associates to comply with, or at least document, good-faith efforts to comply, in order to avoid accusations of willful neglect, mandatory penalties, and civil lawsuits. Here are the most important compliance actions that business associates should take. Contracts between business associates and their subcontractors are subject to the same requirements. Contractors who work exclusively for your company, people with other customers, and employees hired through a staffing company are not business associates. However, your company is liable if any of these people violate PSR.

Sources:
www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

Under the 2013 HIPAA Final Omnibus Rule, HIPAA compliance for business associates has become even more important. HHS requires you to sign business associate agreements with the covered entities you support. In this agreement, the covered entity and the business associate agree to share responsibility for the protection of patient data and the notification of breaches. Yes, it is still the primary responsibility of the covered entity to ensure the protection of PHI, but HHS makes it clear that you must provide satisfactory assurance to covered entities that you are protecting the patient data you receive or create on behalf of the covered entity. Start by understanding how PHI flows through your unique environment. Until you understand your operations, it is impossible to know exactly what needs to be secured and which business practices need to change.
Once your networks are properly segmented, make backing up and encrypting PHI a standard procedure. 12. Beware of stricter laws. When assessing their compliance, business associates should also consider other federal or state data protection laws. To the extent that a state, federal, or other law is stricter than HIPAA, business associates must comply with the more restrictive law.[43] Generally, a law is stricter than HIPAA if it provides individuals with better privacy protection or grants individuals greater rights with respect to their PHI.[44] Similarly, business associates must enter into a business associate agreement with their subcontractors (BAS). The BA and BAS agreements are almost identical; the main difference lies in how the parties are defined. Exceptions to the business associate standard. The Privacy Rule includes the following exceptions to the business associate standard.
See 45 CFR 164.502(e). In these situations, a covered entity is not required to have a business associate agreement or other written agreement before protected health information can be disclosed to the natural or legal person. Encryption is the best way to protect yourself from the penalties associated with a breach if a device is lost or stolen. The HITECH Act of 2009 changed the HIPAA Breach Notification Rule so that, if a device is lost or stolen, the loss need not be reported as a breach if it can be proven that the data had been rendered unreadable by secure destruction or encryption. [The agreement could also provide that the business associate may transfer the protected health information to another business associate of the covered entity upon termination, and/or add terms relating to a business associate's obligations to obtain or ensure the destruction of protected health information created, received, or maintained by subcontractors.] [Option 1: if the business associate must return or destroy all protected health information upon termination of the contract] In 2013, the HIPAA Omnibus Rule was adopted, which changed HIPAA business associate compliance standards.