The Rider or Collateral Agreement to HIPAA Privacy Compliance Agreement for Business Associates is a legal document that supplements an existing contract between a healthcare provider (Covered Entity) and a service provider (Business Associate). This agreement is designed to ensure compliance with the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and the Health Insurance Portability and Accountability Act (HIPAA). It primarily focuses on the handling of Protected Health Information (PHI) and outlines the responsibilities of the Business Associate regarding the security and privacy of PHI exchanged during their business relationship.
This form should be used when a healthcare provider establishes a business relationship with a service provider that involves the handling of Protected Health Information (PHI). It is essential in circumstances where the business associate will have access to electronic health data, ensuring compliance with HIPAA and HITECH regulations regarding privacy and security. Use this form to clarify the responsibilities of the involved parties and to protect patient information during business transactions.
In most cases, this form does not require notarization. However, some jurisdictions or signing circumstances might. US Legal Forms offers online notarization powered by Notarize, accessible 24/7 for a quick, remote process.
Our built-in tools help you complete, sign, share, and store your documents in one place.
Make edits, fill in missing information, and update formatting in US Legal Forms—just like you would in MS Word.
Download a copy, print it, send it by email, or mail it via USPS—whatever works best for your next step.
Sign and collect signatures with our SignNow integration. Send to multiple recipients, set reminders, and more. Go Premium to unlock E-Sign.
If this form requires notarization, complete it online through a secure video call—no need to meet a notary in person or wait for an appointment.
We protect your documents and personal data by following strict security and privacy standards.

A Business Associate Contract, or Business Associate Agreement, is a written arrangement that specifies each party's responsibilities when it comes to PHI. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet the requirements of HIPAA.
By law, the HIPAA Privacy Rule applies only to covered entities: health plans, health care clearinghouses, and certain health care providers. Instead, they often use the services of a variety of other persons or businesses.
What Is a Business Associate? A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity's workforce is not a business associate.
A HIPAA business associate agreement is a contract between a HIPAA-covered entity and a vendor used by that covered entity. A signed HIPAA business associate agreement must be obtained by the covered entity before allowing a business associate to come into contact with PHI or ePHI.
Business associates of HIPAA covered entities include third-party administrators, billing companies, transcriptionists, cloud service providers, data storage firms (electronic and physical records), EHR providers, consultants, attorneys, CPA firms, pharmacy benefits managers, claims processors, collections agencies,
The HIPAA Rules apply to covered entities and business associates. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
A BAA is a signed document that affirms a third-party service provider's willingness to accept responsibility for the safety of your clients' PHI, maintain appropriate safeguards, and comply with HIPAA requirements when they handle PHI on your behalf. BAAs are necessary if you're a covered entity.
A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule. Contracts between business associates and business associates that are subcontractors are subject to these same requirements.