1 / 13

introducing the hipaa cow business associate agreement template

September 27, 2002. HIPAA COW BA Agreement Template. 2. CREATION OF HIPAA COW BAC TEMPLATE. Drafted by Contracting Workgroup of the HIPAA COW Privacy Taskforce over many monthsMembers: Janice Ahlstrom--BORN Sue Bevsek--Covenant Health Care Wendy Bergh--Group Health Cooperative Tracey Klein--Reinhart Boerner Von Deuren SC Nancy LeMarbre

ostinmannual
Download Presentation

introducing the hipaa cow business associate agreement template

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. September 27, 2002 HIPAA COW BA Agreement Template 1 INTRODUCING THE HIPAA COW BUSINESS ASSOCIATE AGREEMENT TEMPLATE Carol Rubin Co-Chair, HIPAA Privacy Taskforce

    2. September 27, 2002 HIPAA COW BA Agreement Template 2 CREATION OF HIPAA COW BAC TEMPLATE

    3. September 27, 2002 HIPAA COW BA Agreement Template 3 BAC FORMATS Addendum   Sections to incorporate into a brand new contract   Stand-alone HIPAA Privacy Agreement?

    4. September 27, 2002 HIPAA COW BA Agreement Template 4 LESSONS LEARNED Do not just insert provisions from the HIPAA statute or regulations   Minimize HIPAA definitions; do not need to define: Covered Entity Business Associate Designated Record Set Where a definition is essential to contract, reword or combine definitions to make it intelligible to BA   As much as possible, exclude all references to federal code which: Could frighten unsophisticated BA’s Force them to secure legal advice where they otherwise wouldn’t need to BAC should help educate BAs, not force them to secure legal advice to understand totality of HIPAA law

    5. September 27, 2002 HIPAA COW BA Agreement Template 5 ISSUES/CHALLENGES Use of PHI Security Issues Relationship of BAC and TPA Reporting of Unauthorized Disclosures Accounting of Disclosures Term and Termination Plus others

    6. September 27, 2002 HIPAA COW BA Agreement Template 6 USE OF PHI How to harmonize: The general prohibition on BA’s use The BA use expressly permitted by contract, and The use for BA’s “proper management and administration, or . . . . legal responsibilities. . .” See Provisions 2, 3, and 4

    7. September 27, 2002 HIPAA COW BA Agreement Template 7 HOW TO ADDRESS SECURITY ISSUES WHEN THE SECURITY RULE IS NOT FINAL Impose general security obligation to safeguard PHI on BA, Provision 5 If CE wants to review BA’s security safeguards, see Footnote 4 Plus, Provision 7 references conformance with more specific HIPAA security requirements once those regulations are effective if this BA receives PHI in electronic form

    8. September 27, 2002 HIPAA COW BA Agreement Template 8 RELATIONSHIP OF BAC AND TRADING PARTNER AGREEMENT Provision 8: We inserted a very minimal TPA provision, to use if desired Another HIPPA COW EDI taskforce is working on a TPA Delete if BA does not conduct any Standard Transaction for you Yes, a BA and a TPA, and a Chain of Trust agreement can be combined But many Trading Partner relationships will not have an underlying BAC, for example, between a provider and a payer where provider only submits claims

    9. September 27, 2002 HIPAA COW BA Agreement Template 9 REPORTING OF UNAUTHORIZED DISCLOSURES OR MISUSE See Provision 11 Establish and spell out the procedure now, not after the misuse Helpful if all CEs used the same or similar procedure

    10. September 27, 2002 HIPAA COW BA Agreement Template 10 BA’s TRACKING AND ACCOUNTING OF DISCLOSURES: PROVISION 13 Many legal concepts to fit into one provision, many of which might not be relevant to a particular BA May appear intimidating to a BA Exceptions at subsection (b) very significant, might eliminate all or most of the obligations of subsection (a)

    11. September 27, 2002 HIPAA COW BA Agreement Template 11 TERM AND TERMINATION: PROVISION 15 AND FOOTNOTE 12 CD’s unilateral right to terminate will trouble BAs, but is legally required Provision 15 is as explicit and non-threatening as possible Added requirements of notice, reasonableness, good faith, and material breach, none of which are expressly referenced in HIPAA regulations (greatest expansion on HIPAA requirements)

    12. September 27, 2002 HIPAA COW BA Agreement Template 12 MISCELLANEOUS: PROVISIONS 17 AND FOOTNOTES 14-17 Indemnification Automatic amendment (lifted from DHSS model) Response to subpoenas Ownership of data and information

    13. September 27, 2002 HIPAA COW BA Agreement Template 13 DISCUSSION/QUESTIONS?

More Related