HIPAA Business Associate Contracts Content Profile, v1.0
Profile of HIPAA requirements for the contents of Business Associate Contracts/Agreements between a covered entity and its business associates or other subcontractors per 45 CFR Section 164.504.
| Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/hipaa-business-associate-contracts-content-profile/1.0/ | ||||
| Publication Date | 2017-02-17 | ||||
| Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
| Keywords | There are no keywords. | ||||
| Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TD_BusinessAssociateContractsCoveredEntityCompliance and TD_BusinessAssociateContractsCompliance and TD_BusinessAssociateContractsEstablishUses and TD_BusinessAssociateContractsImplementation and TD_BusinessAssociateContractsSecuritySafeguards and TD_BusinessAssociateContractsBreachNotification and TD_BusinessAssociateContractsEnforceSubcontractors and TD_BusinessAssociateContractsPHIAvailable and TD_BusinessAssociateContractsPHIAmendment and TD_BusinessAssociateContractsDisclosureAccounting and TD_BusinessAssociateContractsPrivacyRuleCompliance and TD_BusinessAssociateContractsRecordsExamination and TD_BusinessAssociateContractsTerminationDestruction and TD_BusinessAssociateContractsTerminationAuthorization
References (14)
| TD Business Associate Contracts - Covered Entity Compliance, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A covered entity would not be in compliance if aware the business associate violated its contract obligations and did not remedy them. |
| ID | TD_BusinessAssociateContractsCoveredEntityCompliance |
| Provider Reference | |
| TD Business Associate Contracts - Compliance, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A business associate would not be in compliance if aware a subcontractor violated its contract obligations and did not fix them. |
| ID | TD_BusinessAssociateContractsCompliance |
| Provider Reference | |
| TD Business Associate Contracts - Establish Uses, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract cannot allow further use or disclosure by the business association of information that would violate regulations. |
| ID | TD_BusinessAssociateContractsEstablishUses |
| Provider Reference | |
| TD Business Associate Contracts - Implementation, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract must limit use or disclosure as permitted or required by contract or law. |
| ID | TD_BusinessAssociateContractsImplementation |
| Provider Reference | |
| TD Business Associate Contracts - Security Safeguards, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract must provide that the business associate will use safeguards to prevent unauthorized use or disclosure of e-PHI. |
| ID | TD_BusinessAssociateContractsSecuritySafeguards |
| Provider Reference | |
| TD Business Associate Contracts - Breach Notification, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must report to the covered entity any unauthorized use or disclosure (breaches) of PHI. |
| ID | TD_BusinessAssociateContractsBreachNotification |
| Provider Reference | |
| TD Business Associate Contracts - Enforce Subcontractors, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must ensure that any subcontractor abide by the same law and contract requirements. |
| ID | TD_BusinessAssociateContractsEnforceSubcontractors |
| Provider Reference | |
| TD Business Associate Contracts - PHI Available, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must make available PHI to individuals as provided by regulations. |
| ID | TD_BusinessAssociateContractsPHIAvailable |
| Provider Reference | |
| TD Business Associate Contracts - PHI Amendment, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must amend PHI by individuals as provided by regulations. |
| ID | TD_BusinessAssociateContractsPHIAmendment |
| Provider Reference | |
| TD Business Associate Contracts - Disclosure Accounting, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must provide an accounting of disclosure of PHI as provided by regulations. |
| ID | TD_BusinessAssociateContractsDisclosureAccounting |
| Provider Reference | |
| TD Business Associate Contracts - Privacy Rule Compliance, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must carry out a covered entity's obligations and comply with regulations during such performance. |
| ID | TD_BusinessAssociateContractsPrivacyRuleCompliance |
| Provider Reference | |
| TD Business Associate Contracts - Records Examination, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must make its internal documents available to the Secretary to determine the covered entity's compliance. |
| ID | TD_BusinessAssociateContractsRecordsExamination |
| Provider Reference | |
| TD Business Associate Contracts - Termination Destruction, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). At contract termination, business associate must return or destroy all PHI received from or created on behalf of covered entity, if feasible, or extend protection of contract. |
| ID | TD_BusinessAssociateContractsTerminationDestruction |
| Provider Reference | |
| TD Business Associate Contracts - Termination Authorization, v1.0 | |
|---|---|
| Description | Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). Covered entity must be authorized to terminate contract if business associate has violated a material term. |
| ID | TD_BusinessAssociateContractsTerminationAuthorization |
| Provider Reference | |
Terms (10)
| Term Name | Abbreviations | Definition |
|---|---|---|
| Business Associate | BA | Covered entities engage "business associates" to work on their behalf. A business associate is a person (not part of the workforce of the covered entity) or organization that creates, receives, maintains, or transmits protected health information on behalf of the covered entity. Covered entities must have contracts or other arrangements in place with their business associates to ensure that the business associates safeguard protected health information, and use and disclose the information only as permitted or required by the Privacy Rule. A covered entity may be a business associate of another covered entity. |
| Correctional Institution | CI | Correctional institution means any penal or correctional facility, jail, reformatory, detention center, work farm, halfway house, or residential community program center operated by, or under contract to, the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, for the confinement or rehabilitation of persons charged with or convicted of a criminal offense or other persons held in lawful custody. Other persons held in lawful custody includes juvenile offenders adjudicated delinquent, aliens detained awaiting deportation, persons committed to mental institutions through the criminal justice system, witnesses, or others awaiting charges or trial. |
| Covered Entity | CE | The Administrative Simplification provisions of HIPAA apply to three types of entities, which are known as "covered entities": 1) health care providers if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard, 2) health plans, and 3) health care clearinghouses. A covered entity may be a business associate of another covered entity. |
| Disclosure | Disclosure means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information. | |
| Electronic Protected Health Information | e-PHI | Electronic protected health information means protected health information (PHI) that is transmitted by electronic means or maintained in electronic media. |
| Health Insurance Portability and Accountability Act of 1996 | HIPAA | The HIPAA law includes Administrative Simplification provisions that require adoption of national standards for electronic health care transactions and code sets, unique health identifiers, and security. Additionally, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. |
| Plan Administration Functions | PAF | Plan administration functions means administration functions performed by the plan sponsor of a group health plan on behalf of the group health plan and excludes functions performed by the plan sponsor in connection with any other benefit or benefit plan of the plan sponsor. |
| Protected Health Information | PHI | Protected health information (PHI) means "individually identifiable health information" that is transmitted by electronic means or maintained in electronic media or transmitted or maintained in any other form or medium, except it excludes individually identifiable health information:
|
| Summary Health Information | Information, that may be individually identifiable health information, and that summarizes the claims history, claims expenses, or type of claims experienced by individuals. | |
| U.S. Department of Health and Human Services | HHS | The U.S. Department of Health and Human Services' (HHS) mission is to enhance and protect the health and well-being of all Americans by providing for effective health and human services and fostering advances in medicine, public health, and social services. |