Is A Business Associate Agreement Required
In these examples, a covered entity would have to enter into a counterparty agreement before it could authorize the software company to access [PHI]. However, when an employee of a contractor, such. B that a software or information technology provider has its main on-site service with a covered enterprise, the enterprise concerned may treat the employee of the supplier as a member of the staff of the covered enterprise and not as a business partner. Counterparty contracts. A covered company`s contract or other written agreement with its counterparty must contain the elements referred to in 45 CFR 164.504(e). For example, the contract must: describe the permitted and necessary use of the health information protected by the counterparty; provide that the counterparty does not use or disclose protected health information other than to the extent permitted, prescribed or prescribed by law; and request the counterparty to take appropriate security measures to prevent protected health information from being taken into account other than the contract or contract. . . .