A covered entity is not required to obtain such satisfactory assurances from a counterparty that is a subcontractor. In particular, the law requires you to sign a counterparty agreement before any work is done. Failure to do so could be a costly mistake. Level 2 &3: Product 1/2 Counterparty Agreement Washtenaw Community Health Organization Effective Date: Insert Date This Counterparty Agreement is entered into and made from the effective date above. . . .
[In addition to other permitted purposes, the parties should indicate whether the counterparty has the right to use protected health information to identify the information referred to in CFR 164.514(a)-(c). The parties may also wish to indicate how the counterparty will anonymize the information and the uses and disclosures of anonymous information authorized by the counterparty.] The counterparty agreement is necessary by HIPAA to allow a third party (3rd) party (“counterparty”) to access a medical practice`s protected health information (PHI) (“Covered Entity”). It describes the rules under which personal health records may be shared in accordance with federal law. After authorization, the counterparty is responsible for protecting all protected health information shared with specific instructions in the event of a security breach. The business partner is strictly forbidden to sell prohibited health information or use it for underwriting. (b) dismissal for unfounded cause. The counterparty shall authorize the termination of this Agreement by the Covered Entity if the Covered Entity finds that the Counterparty has breached an essential provision of the Agreement [and that the Counterparty has not cured or terminated the Breach within the period specified by the Covered Entity]. [A language in parentheses may be added if the undertaking concerned wishes to give the counterparty the opportunity to remedy a breach or breach of contract prior to termination for an indispensable reason.] « 1. A relevant entity may only allow a counterparty to produce, receive, maintain or transmit protected health information electronically on behalf of the entity collected if the entity concerned receives satisfactory assurances, in accordance with paragraph 164.314(a), that the counterparty adequately protects the information.