September 27, 2002. HIPAA COW BA Agreement Template. 2. CREATION OF HIPAA COW BAC TEMPLATE. Drafted by Contracting Workgroup of the HIPAA COW Privacy Taskforce over many months. Members: Janice Ahlstrom--BORN; Sue Bevsek--Covenant Health Care; Wendy Bergh--Group Health Cooperative; Tracey Klein--Reinhart Boerner Van Deuren SC; Nancy LeMarbre
1. September 27, 2002 HIPAA COW BA Agreement Template 1 INTRODUCING THE HIPAA COW BUSINESS ASSOCIATE AGREEMENT TEMPLATE
Carol Rubin
Co-Chair, HIPAA Privacy Taskforce
2. CREATION OF HIPAA COW BAC TEMPLATE
3. BAC FORMATS
Addendum
Sections to incorporate into a brand new contract
Stand-alone HIPAA Privacy Agreement?
4. LESSONS LEARNED
Do not just insert provisions from the HIPAA statute or regulations
Minimize HIPAA definitions; do not need to define:
Covered Entity
Business Associate
Designated Record Set
Where a definition is essential to contract, reword or combine definitions to make it intelligible to BA
As much as possible, exclude all references to federal code which:
Could frighten unsophisticated BAs
Force them to secure legal advice where they otherwise wouldn’t need to
BAC should help educate BAs, not force them to secure legal advice to understand totality of HIPAA law
5. ISSUES/CHALLENGES
Use of PHI
Security Issues
Relationship of BAC and TPA
Reporting of Unauthorized Disclosures
Accounting of Disclosures
Term and Termination
Plus others
6. USE OF PHI
How to harmonize:
The general prohibition on BA’s use
The BA use expressly permitted by contract, and
The use for BA’s “proper management and administration, or . . . . legal responsibilities. . .”
See Provisions 2, 3, and 4
7. HOW TO ADDRESS SECURITY ISSUES WHEN THE SECURITY RULE IS NOT FINAL
Impose general security obligation to safeguard PHI on BA, Provision 5
If CE wants to review BA’s security safeguards, see Footnote 4
Plus, Provision 7 references conformance with more specific HIPAA security requirements once those regulations are effective if this BA receives PHI in electronic form
8. RELATIONSHIP OF BAC AND TRADING PARTNER AGREEMENT
Provision 8: We inserted a very minimal TPA provision, to use if desired
Another HIPAA COW EDI taskforce is working on a TPA
Delete if BA does not conduct any Standard Transaction for you
Yes, a BA and a TPA, and a Chain of Trust agreement can be combined
But many Trading Partner relationships will not have an underlying BAC, for example, between a provider and a payer where provider only submits claims
9. REPORTING OF UNAUTHORIZED DISCLOSURES OR MISUSE
See Provision 11
Establish and spell out the procedure now, not after the misuse
Helpful if all CEs used the same or similar procedure
10. BA’s TRACKING AND ACCOUNTING OF DISCLOSURES: PROVISION 13
Many legal concepts to fit into one provision, many of which might not be relevant to a particular BA
May appear intimidating to a BA
Exceptions at subsection (b) very significant, might eliminate all or most of the obligations of subsection (a)
11. TERM AND TERMINATION: PROVISION 15 AND FOOTNOTE 12
CE’s unilateral right to terminate will trouble BAs, but is legally required
Provision 15 is as explicit and non-threatening as possible
Added requirements of notice, reasonableness, good faith, and material breach, none of which are expressly referenced in HIPAA regulations (greatest expansion on HIPAA requirements)
12. MISCELLANEOUS: PROVISIONS 17 AND FOOTNOTES 14-17
Indemnification
Automatic amendment (lifted from DHSS model)
Response to subpoenas
Ownership of data and information
13. DISCUSSION/QUESTIONS?