HIPAA Privacy Compliance Agreement for Business Associates - Complying with the HITECH Privacy Provisions

State:
Multi-State
Control #:
US-02712BG
Format:
Word; Rich Text
Instant download

About this form

The HIPAA Privacy Compliance Agreement for Business Associates is a legal document that ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its amendments. Specifically, this agreement addresses the responsibilities of business associates in safeguarding protected health information (PHI) due to the changes introduced by the Health Information Technology for Economic and Clinical Health Act (HITECH Act). It outlines the required security standards and breach notification protocols that business associates must follow to protect health information shared by healthcare providers.

Key parts of this document

  • Definitions: Clarifies key terms like "Protected Health Information" and "Breach".
  • Obligations of Business Associate: Details the responsibilities regarding the safeguarding of PHI and breach notifications.
  • Permitted Uses and Disclosures: Specifies how and when PHI can be used or disclosed.
  • Remedies in Event of Breach: Outlines the actions available to the Covered Entity in case of a breach.
  • Termination Provisions: Describes the conditions under which the agreement may be terminated.

When this form is needed

This form should be used whenever a healthcare provider (the Covered Entity) collaborates with a third-party service provider (the Business Associate) that handles sensitive patient information. It is essential whenever software, administrative, or consulting services that involve access to PHI are provided, ensuring that both parties adhere to HIPAA and HITECH Act requirements.

Who should use this form

  • Healthcare Providers: For those sharing PHI with external vendors or service providers.
  • Business Associates: Organizations providing services to healthcare providers that involve PHI handling.
  • Compliance Officers: Individuals responsible for HIPAA compliance within healthcare organizations.

How to prepare this document

  • Identify the parties: Fill in the names of the Covered Entity and Business Associate along with their respective addresses.
  • Define the relationship: Describe the nature of the business relationship and the services provided.
  • Specify obligations: Ensure that both parties understand their responsibilities regarding PHI.
  • Fill in required dates: Include the date the agreement is made and any relevant timeframes for notifications or actions.
  • Signatures: Both parties must sign the agreement to make it legally binding.

Does this document require notarization?

Notarization is generally not required for this form. However, certain states or situations might demand it. You can complete notarization online through US Legal Forms, powered by Notarize, using a verified video call available anytime.

Get your form ready online

Our built-in tools help you complete, sign, share, and store your documents in one place.

Built-in online Word editor

Make edits, fill in missing information, and update formatting in US Legal Forms—just like you would in MS Word.

Export easily

Download a copy, print it, send it by email, or mail it via USPS—whatever works best for your next step.

E-sign your document

Sign and collect signatures with our SignNow integration. Send to multiple recipients, set reminders, and more. Go Premium to unlock E-Sign.

Notarize online 24/7

If this form requires notarization, complete it online through a secure video call—no need to meet a notary in person or wait for an appointment.

Store your document securely

We protect your documents and personal data by following strict security and privacy standards.

Typical mistakes to avoid

  • Failing to define all relevant terms clearly, leading to misunderstandings.
  • Not including all required parties, which can result in compliance issues.
  • Ignoring state-specific legal requirements that may apply.
  • Not updating the agreement when there are changes in services or regulations.

Benefits of using this form online

  • Convenience: Easily fill out and download the agreement without the need for physical forms.
  • Editability: Modify the document on your computer as necessary before finalizing.
  • Reliability: Use templates drafted by licensed attorneys, ensuring legal compliance.

What to keep in mind

  • The HIPAA Privacy Compliance Agreement is essential for any business associate handling PHI.
  • This form outlines responsibilities for safeguarding patient information and breach notification.
  • Ensure compliance with both federal and state requirements when using this form.
  • HIPAA: Health Insurance Portability and Accountability Act, federal law aimed at protecting sensitive patient information.
  • PHI: Protected Health Information, any individually identifiable health information.
  • Breach: Unauthorized access or disclosure of PHI.

FAQ

Business Associates Must Self-Report HIPAA Breaches. The risk of penalties is compounded by the fact that business associates must self-report HIPAA breaches of unsecured PHI to covered entities, and covered entities must then report the breach to affected individual(s), HHS, and, in certain cases, to the media.

Who Must Follow These Laws. We call the entities that must follow the HIPAA regulations "covered entities." Covered entities include: Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.

A Business Associate Contract, or Business Associate Agreement, is a written arrangement that specifies each party's responsibilities when it comes to PHI. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet the requirements of HIPAA.

§ 164.524(c)(4) against business associates because the HITECH Act does not apply the fee limitation provision to business associates. If the fee charged is in excess of the fee limitation, OCR can take enforcement action against only the covered entity.

Develop a Cohesive Privacy Policy. Adopt and implement a comprehensive security policy. Hire a Dedicated Security Staff. Have an Internal Auditing Process. Stipulate Specific Email Policies. Establish Explicit Training Protocols. Understand Breach Notification Requirements. Secure Relationships with Business Associates.

Employers may not be aware they may be considered covered entities under HIPAA. An employer may also be considered a business associate of its insurance provider, if it receives protected health information while performing services for the insurance provider or another covered entity.

The HIPAA Rules apply to covered entities and business associates. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

By law, the HIPAA Privacy Rule applies only to covered entities: health plans, health care clearinghouses, and certain health care providers. Instead, they often use the services of a variety of other persons or businesses.

Do not allow any impermissible uses or disclosures of PHI. Provide breach notification to the Covered Entity. Provide either the individual or the Covered Entity access to PHI. Disclose PHI to the Secretary of HHS, if compelled to do so.
