The HHS website offers sample agreements for business partners. As a proven method, all BAAs should be reviewed at least once a year as part of the annual review of key guidelines and procedures. In the event of an infringement or infringement, the corresponding BAAs should be reviewed and updated (or, if necessary, terminated) in order to correct the offence appropriately. The Department of Health and Human Services (HHS) has released a new fact sheet identifying specific HIPAA violations for which business partners may be directly responsible. The main areas of responsibility are the omission of a consideration: when a covered entity uses a counterparty, there must be a written agreement between the parties, called a counterparty agreement, which requires the counterparty to meet certain requirements in accordance with HIPAA rules. As HHS actively implements HIPAA rules, business partners should use the fact sheet to verify compliance with these requirements. They should also review their counterparty agreements to ensure that they meet their contractual obligations. Exceptions to the Business Associate Standard. The data protection rule contains the following exceptions to the Business Associate standard. See 45 CFR 164.502 (e). In these cases, an insured company is not required to enter into a counterparty contract or other written agreement until protected health information can be disclosed to the individual or legal person. By nature, certain personal data must be exchanged for things such as plan registration, inserwriting and claims processing. HIPAA`s goal is to ensure that this data remains secure and is only available to those with express authorization, either by the rules or by the patient.
As a result, covered entities are advised to provide only “minimal” details to resolve an application. In the event of an offence committed on or after February 18, 2009, civil law fines imposed on covered businesses and business partners are $100 to $50,000 per offence, with a maximum penalty of $1.5 million for all violations of an identical requirement in a calendar year. As a general plenipotentiary, you act on behalf of the insurance company and receive or pass on PHI to an agent among you or through an insurance company that you have more than likely designated as a business partner.