Counterparty contracts. A covered company`s contract or other written agreement with its counterparty must contain the elements referred to in 45 CFR 164.504(e). For example, the contract must: describe the permitted and necessary use of the health information protected by the counterparty; provide that the counterparty does not use or disclose protected health information other than to the extent permitted, prescribed or prescribed by law; and request the counterparty to take appropriate security measures to prevent protected health information from being taken into account other than the contract or contract. Where a covered entity is aware of a breach or material breach of the contract or agreement by the counterparty, the covered entity shall be required to take appropriate measures to remedy the breach or to bring the breach to an end, and if those measures are unsuccessful to terminate the contract or agreement. If termination of the contract or agreement is not possible, a covered organization must report the issue to the Department of Health and Human Services `HHS) Office of Civil Rights (OCR). Please see our standard contract for business partners. The companies concerned and counterparties may be penalised if they do not conclude a counterparty agreement if necessary and the penalties may be severe. For example, a group of doctors in Florida paid a $500,000 fine for failing to enter into a business agreement with its billing company. Following the illegal publication of PHI on its website, the U.S. Department of Health`s Office for Civil Rights (OCR) sanctioned the group for failing to take appropriate steps to guarantee PHI, including failing to enter into a counterparty agreement with the settlement company. (iii) the authorisation to terminate the contract by the covered entity if the covered entity finds that the counterparty has failed to meet a significant duration of the contract. The functions and activities of counterparties include: claims management or management; data analysis, processing or management; verification of use; quality assurance; settlement of accounts; performance management; practice management; and reassessment.
the counterparty services are: legal; actuarial; accounting; counselling; data aggregation; management; from an administrative point of view; accreditation; and financially. See the definition of “counterparty” in 45 CFR 160.103. To make your agreement work for you – Check the agreement with your lawyer and amend accordingly: (ii) he offers, except as a staff member of that covered entity, legal, actuarial, accounting, consulting, data aggregation (as defined in section 164.501 of this sub-chapter), management, administration, accreditation or financial services for or for the covered companies; or in the case of an organised healthcare agreement in which the covered undertaking participates, where the provision of the service involves the disclosure of health information protected by the entity or agreement covered by it or by any other counterparty of that covered entity or agreement to the data subject. General provision. The data protection rule requires that a covered entity receive satisfactory assurances from its counterparty that the counterparty adequately protects the protected health information it receives or produces on behalf of the covered entity. Satisfactory assurances must be made in writing, whether in the form of a contract or other agreement between the covered entity and the counterparty. For example, medical plans, dental plans, visual plans, flexible health expense accounts, and some staff support plans for group health plans are covered. On the other hand, disability plans (income replacement plans), life insurance plans and employee compensation plans are not covered. . . .