The parties agree to take the necessary steps to amend this BAA from time to time to enable the facility to meet hipaa requirements. (f) A reference in this BAA to a section of the Privacy Rule or Security Policy means the items, as amended or modified, for which compliance is required. (g) Any ambiguity in this BAA will be dispelled in favor of a meaning that allows the institution to comply with HIPAA. (h) This BAA is binding on the parties and their respective successors and assigns. (i) Nothing in this BAA shall be construed as limiting the right of either party to join another person or entity on a limited or general basis or to enter into a contract with another person or entity for as long as such BAA is in effect. (k) The Contractor`s respective rights and obligations under Sections E and F of this BAA shall continue to apply after termination of the BAA. By law, the HIPAA privacy rule only applies to covered companies – health plans, health care clearing houses, and certain health care providers. However, most health care providers and health care plans do not perform all of their health activities and functions themselves. Instead, they often use the services of a variety of other people or companies. The confidentiality rule allows covered health care providers and plans to share protected health information with these “business partners” if the providers or plans receive satisfactory assurances that the business partner will only use the information for the purposes for which it was engaged by the collected entity, protect the information from misuse, and help the covered entity comply with some of the obligations of the covered entity under the To comply with the data protection rule.
Collected companies may disclose protected health information to an entity in its role as a business partner only to assist the captured entity in performing its healthcare tasks – and not for the use or purposes independent of the business partner, unless this is necessary for the proper administration and administration of the business partner. Business Partnership Agreements consist of information about permitted and prohibited uses of PSR between two HIPAA-related organizations. The contract should require the business partner to take appropriate administrative, technical and physical safeguards in accordance with the security rule to ensure the confidentiality, integrity and availability of the ePHI. Contracts can also be formatted to detail the relationship between a covered company and a business partner, as well as the relationship between two business partners. The Contractor agrees that if the Facility determines or has reasonable grounds to believe that the Contractor has used, disclosed or provided access to the Information in a manner not authorized by this BAA, the Entity may, in its sole discretion, request the Contractor to: (a) promptly investigate and provide the Entity with a written record of the Contractor`s decision regarding any allegation or provide a disclosure, unauthorized access or use; (b) put an end to such practices without delay; (c) return or destroy any information to the institution; and (d) take such other reasonable measures as the Facility considers appropriate […].