Business Associate Agreement LanguageSeptember 13, 2021 6:17 am
CONSIDERING that the Covered Entity has entrusted the Counterparty with providing to or on behalf of the Covered Entity certain services described and defined in one or more separate service agreements between the Parties, order forms and/or specifications (together “Service Agreement”), and, in connection with such services, the Counterparty may use or disclose certain individual health information subject to the protections provided by hipaa protection and security rules; and this form applies only to the agreement between a counterparty and a covered company. Counterparties must subscribe to separate BAAs with their subcontractors. A lawyer may modify this form to meet the subcontractor`s baa requirements, or design a separate subcontractor BAA. Counterparty contracts. A covered company`s contract or other written agreement with its counterparty must contain the elements referred to in 45 CFR 164.504(e). For example, the contract must: describe the permitted and necessary use of the health information protected by the counterparty; provide that the counterparty does not use or disclose protected health information other than to the extent permitted, prescribed or prescribed by law; and request the counterparty to take appropriate security measures to prevent protected health information from being taken into account other than the contract or contract. Where a covered entity is aware of a breach or material breach of the contract or agreement by the counterparty, the covered entity shall be required to take appropriate measures to remedy the breach or to bring the breach to an end, and if those measures are unsuccessful to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered organization must report the issue to the Department of Health and Human Services `HHS) Office of Civil Rights (OCR). Please see our standard contract for business partners. The data protection rule requires that a covered entity receive satisfactory assurances from it that the counterparty adequately protects the protected health information it receives or produces on behalf of the covered company. . . .