Covered companies (CE) can try to include a language in their contracts via very short reporting windows for infringements. For example, a CE might include something like “The trading partner will report all violations within three days of the violation.” This seems reasonable, unless we consider that the BA may not have taken note of the violation until a few days later. For individuals and organizations working in the health professions, here is a short backgrounder by Julie L. Hamlet and Ray H. Littleton of our Health Law Group on commercial partnership agreements and the need to consult your lawyer for review to avoid consequences. If necessary, failure to enter into HIPAA-compliant business partner agreements can result in high penalties against covered companies and business partners. Any entrepreneur who comes into contact with a PHI must sign a BAA. Because these people and organizations are not under your direct control, they cannot be treated as employees. As such, they are considered business partners. This means they must be prepared to comply with HIPAA. This includes responsibility for compliance and signing a HIPAA business partnership agreement. There are some exceptions to the requirement to sign a commercial partnership agreement. These include specialists to whom a hospital gives a patient and submits the patient`s health card for treatment, laboratories to which a physician discloses a patient`s PSR for treatment, and disclosure of PSR through a group health plan to a health plan sponsor such as an employer.
A BAA is an essential document that protects covered companies and their business partners. It also establishes liability and limitations for both parties, so the advice of a lawyer is always needed. TRADING PARTNERS UNDER HIPAA are making headlines, and not in a good way. The worst news HIPAA so far this year has been the breach of 20 million patient information caused by a business partner. If you are a covered entity, you need to know who your business partners are, and if you are a business partner, you need to learn what you need to do. The cost of non-compliance can be staggering. What is a “business partner”? A “Business Partner” is a natural or legal person who performs certain functions or activities that involve the use or disclosure of protected health information on behalf of or services provided to a relevant company. A staff member of the covered company is not a business partner. An insured health care provider, health care plan, or health care exchange house may be a business partner of another covered entity. The privacy rule lists some of the features or activities, as well as the respective services that make a natural or legal person a business partner if the activity or service involves the use or disclosure of protected health information….