HealthcareITSecurity recently looked at the specifics of an important piece of modern healthcare: the Business Associates Agreement. This document is a necessity for entities that want to comply with HIPAA and work with other related organizations. This extends to companies that are typically considered "subcontractors" or some other sort of outside help.
According to this source, the critical element is the existence of Protected Health Information. Any business that works with a patient's personal data could potentially endanger that patient by revealing this information.
There should be not only an accurate and updated description of what this information is, but also an agreed-upon system for enforcing protection. In addition, a new agreement is needed for every partner that gets involved with a project, so that all are operating under the same rules.
On the Department of Health and Human Services website, a January 2013 guideline lists some of the definitions that apply to a "business associate" in a healthcare context.
"A business associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law," it reads. It also says that any associate needs to uphold the HIPAA Security Rule as well as the standards of individual agreements.
To make sure that all participants uphold their ends of the deals, HIPAA compliance software will let you determine how closely you adhere to these regulations before you enter into any agreements. Once you have the same understanding of protected healthcare information as the government, it'll be easier to create other agreements in the future.