The BAA model provided here (tk-Link to pdf) is widespread. Any effective use of such an agreement requires adaptation to the specific needs of the organization. There are only a few more thoughts here that a company could consider when developing a specific contract. probably. Most of the time, independent contractors and consultants will not be under your direct control and should be treated as business partners, which means they must be prepared to fully comply with HIPAA, including signing a BAA and taking responsibility for compliance. For this reason, it is preferable for BAAs to include in the breach notification section of the agreement a language such as “as soon as the offence has been discovered or should have been discovered”. Any contractor in contact with a PHI must sign a BAA. As these individuals and organizations are not directly under your control, they cannot be treated as collaborators. As such, they are considered trading partners. This means that they must be ready to respect HIPAA. These include the assumption of compliance responsibility and the signing of a HIPAA business association agreement. Therefore, whenever a covered business or counterparty enters into contracts with another party to provide services involving the exchange of PHI, the parties should carefully analyze the agreement to determine whether a counterparty agreement is necessary. “[A] a person or corporation that is not a member of the staff of a covered company, performs functions or activities on behalf of a covered company, or provides certain services that include consideration of protected health information.
A [BA] is also a subcontractor that creates, receives, manages or transmits protected health information on behalf of another [BA].” “BAA” is an acronym for the Business Associate Agreement, a branch concept for what HIPAA rules call a “Business Associate Contract.” Same thing. By law, the hipaa privacy rule only applies to covered institutions – health plans, health care compensation rooms and some health care providers.