Add a scanned version of the implementation form and a signed and dated transaction agent BAA agreement The HIPAA Data Protection Rule describes the types of entities covered by HIPAA and the entities that must comply with HIPAA security and data protection policies. The main categories are clearing houses, covered entities (CEs) and counterparties. The further away the subcontractor is from the covered entity, the more confusion there is as to who is actually a business partner and who should sign a counterparty agreement. BAAs must be signed by all covered entities when their counterparty processes PHI that first pass through the covered entity. Below is a list of entities covered. For more information, see HHS.gov on HIPAA Coverage Cities. This applies not only to your regular full-time recruitments, but also to apprentices, temporary workers, volunteers and all others who are under your direct control. HIPAA requires covered entities to only collaborate with business partners who ensure full protection of PHI. These assurances must be made in writing in the form of a contract or other agreement between the covered company and ba.1 Instead, ask them to sign a confidentiality agreement. We insert these points into the confidentiality agreements we offer to our customers: it is like a chain that follows the PHI from the very first link in the chain, the unit covered.
The following link would be the business partner and all its subcontractors (including business partners) would be links that will follow. Imagine subcontractors as business partners. The BAA follows the direct path of the chain. .