Draft Business Associate Agreement
CONSIDERANT that the contracting parties wish to define the conditions under which business associate may use or disclose PHI, so that the covered unit can comply with applicable data protection and hipaa security requirements and the HITECH requirements applicable to counterparties. [Option 2 – where the agreement authorizes the counterparty to use or disclose protected health information for its own management and administration, or to exercise its legal obligations, and the counterparty must retain protected health information for such purposes after the termination of the contract] Some covered companies require counterparties to send written confirmation that all copies of PHI delivered by the covered entity to companies destroyed by counterparties have been destroyed. A lawyer may add this condition if desired by a covered unit. 1.6. “HITECH Act” is subtitle D of the Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009, 42.S.C. (d) if applicable, in accordance with 45 CFR 164.502 (e) (1) (ii) and 164.308 (b) (2), ensure that all subcontractors who produce, send or submit protected health information on behalf of the counterparty accept the same restrictions, conditions and conditions that apply to the counterparty with respect to this information; CONSIDERING that the entity concerned has obliged the counterparty to provide specific services for or for hedging entities that are described and defined in one or more separate agreements for services between the parties, order forms and/or work declarations (a “service agreement”) package, and that they may use or disclose, in conjunction with those services, certain individual health information protected by data protection and data protection rules; and (a) counterparties may only use or disclose protected health information (a) interested parties who inform counterparties of any restrictions on the company`s confidentiality notice insured in accordance with 45 CFR 164.520, as this restriction may affect the use or disclosure of health information protected by counterparties. [The parties may add an additional specificity to the way the counterparty responds to an access request that the counterparty receives directly from the person (for example. (b) the question of whether a counterparty should grant the requested access and in what time, or whether the counterparty transmits the person`s request to the entity concerned to respond to it) and the time frame within which the counterparty can transmit the information to the entity concerned.] A corporate lawyer can help you develop a data management policy with a record retention schedule to ensure HIPAA compliance and to refute any charges of intentional negligence.