In the simplest case, a Business Associate Agreement (BAA) is a legal contract between a health care provider and a person or organization that, as part of its services, has access, transmits or stores protected health information (PHI) for the provider. Whether you prefer to call it business associate agreement or, like HIPAA, business Associate Contract, they are both ways an important part of an organization`s efforts to be HIPAA compatible. Below, we`ve put together the basic components and definitions of a HIPAA business association agreement model that you can browse. Keep in mind that ACCORDS are legally binding agreements, so it`s best to have a designated security officer, lawyer or HIPAA compliance solution that will help you navigate these contracts. 4. Report security incidents and privacy violations to the covered organization. (45 CFR 164.314 (a), 164.410 and 164.502 (e)). Counterparts who violate HIPAA may be fined between $100 and more than $50,000 per violation. CFR 160.404). If the violation is the result of intentional negligence, the Office of Civil Rights (“OCR”) must impose a fine of at least $10,000 per violation. (Id.) If the trading partner has intentionally issued and does not correct the violation within 30 days, the OCR must impose a fine of at least $50,000 per violation. (Id.) A single offence can result in many offences. For example, the loss of a laptop containing hundreds of PHI patients can represent hundreds of offenses.

Similarly, every day when a covered company or counterparty does not implement a necessary directive is a separate offence. CFR 160.406). In addition to regulatory sanctions, counterparties that do not comply with counterparty agreements may also be held liable for contractual damages and/or compensation requirements in the counterparty agreement. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) stipulates that covered companies must enter into contracts with their trading partners to ensure that counterparties properly protect protect protected health information (“PHI”).