HIPAA Associates Agreement



HIPAA Business Associates Agreement

Product Information

There is a simple rule-of-thumb when it comes to an associates agreement:

IF you have someone, who is NOT an employee of yours, that may have access to PHI, you should have a business associates agreement on file with them.

Guess what?
If you have had a business associates agreement with someone for years…it is out of date and must be updated.

Things have changed greatly.

As you see below, there are many references to a business associates agreement in the regulations.
It can be very complicated…but…as usual:
…Don’t worry
…We’ve made this easy for you.

If you don’t have an associates agreement in place with the correct people, you are in a dangerous situation.
Examples include:

  • IT Support Company
  • EHR Vendor
  • Visiting Physicians
  • Temporary Office Staff or Nurses
  • Billing Company
  • Cleaning crew
  • Photocopier Service Company
  • Much, much more….

What You Get

A complete, yet customize-able business associates agreement.
Policy and Procedure for implementation of the business associates agreement.
PHI Brief – this briefing is for non-medical contractors.
This briefing gives the simple details a non-medical contractor
needs to understand about PHI, what PHI is and that they are not to talk about it.

What The Reg Says

CFR 164.502(A)(3) – Permitted uses and disclosures
CFR 164.502(A)(4) – Required uses and disclosures
CFR 164.502(A)(5) – Prohibited uses and disclosures

CFR 164.308(b)(2)
A business associate may permit a business associate that is a subcontractor to create, receive, maintain, or transmit electronic protected health information on its behalf only if the business associate obtains satisfactory assurances, in accordance with §164.314(a), that the subcontractor will appropriately safeguard the information.

CFR 314(a)(2)(i)
Business associate contracts. The contract must provide that the business associate will—
(A) Comply with the applicable requirements of this subpart;
(B) In accordance with §164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit electronic protected health information on behalf of the business associate agree to comply with the applicable requirements of this subpart by entering into a contract or other arrangement that complies with this section; and
(C) Report to the covered entity any security incident of which it becomes aware, including breaches of unsecured protected health information as required by §164.410.

Only $75

Immediate Download