[Option 2 – Reference to an underlying service agreement, z.B.“ „as necessary to provide the services defined in the service agreement.“] 2. Provide that the counterparty will not use or disclose the information, except for the contract or the law. o provide the information needed to keep the data; (f) [optional] Counterparties may provide protected health information for the proper management and management of the counterparty or to fulfill the legal responsibilities of the counterparty, when the information is required by law, or if the consideration receives from the person to whom the information is disclosed, reasonable assurances that the information remains confidential and confidential or that it is disseminated , only to the extent that the law requires it or for purposes for which they have been passed on to the person to whom it is transmitted. , and the person informs the partner of any cases of which he is aware, in which the confidentiality of the information has been violated. After the end of this agreement for some reason, Business Associate is returned to covered companies [or, if agreed by covered companies, destroying] any health information protected by companies covered, or created, maintained, or received by trading partners on behalf of the covered entity that the counterparty still manages in any form. The counterparty must not keep copies of the protected health information. HIPAA allows for the inclusion of additional rights of a counterparty, such as. B, the ability for the counterparty to use and disclose protected health information for the proper management and management of the counterparty and to provide data aggregation services related to the health operations of the covered entity. HIPAA requires that a covered company enter into a HIPAA-compliant counterparty agreement with all counterparties.
In addition, all counterparties must enter into HIPAA-compliant counterparty contracts with subcontractors who perform certain functions and have access to the covered company`s PHI. d) make sure, if, in accordance with 45 CFR 164.502 (e) (1) (ii) and 164.308 (b) (2), all subcontractors who produce, receive, maintain or transmit protected health information on behalf of the counterparty accept the same restrictions, conditions and requirements that apply to the counterparty with respect to this information; Determine authorized and necessary uses and the disclosure of protected health information by the counterparty. The contract does not allow the counterparty to use or disclose the information in a manner that would infringe HIPAA; In accordance with the Health Insurance Portability and Accountability Act of 1996 and the „HIPAA“ rules, covered businesses and business partners are required to comply with hipaa. A covered company includes health care providers who transmit information in electronic form as part of a transaction under HIPAA, health plans and health compensation rooms. In particular, when a health care provider issues, invoices or receives payment for health care and transfers these transactions electronically, the provider is an entity covered by HIPAA. 10. Allow the termination of the contract by the registered entity if the consideration contravenes a substantial term of the contract. CEs and AAS must execute a matching agreement before using or disclosing PHI. To have a valid BAA, the BAA must use the following elements („BA contractual obligations“)[3]: (e) [optional] Counterparties may use protected health information for the proper management and management of the counterparty or to fulfill the legal responsibilities of the counterparty.
