Purchase Price: $9.99	(Credit Cards & Paypal Accepted)
Features of this Product or

Click here for more information about our
copyrighted, online questionnaire process.

General Purpose. This agreement is intended to fufil the requirement contained in the final regulations issued by the Department of Health and Human Services ("HHS") in implementation of the Health Insurance Portability and Accountability Act ("HIPAA") that each health care provider covered by the act obtain a written contract with other entities that utilize Protected Health Information ("PHI") obtained from the health care provider (called "Business Associates" in the HHS privacy regulations). The current rule requires covered health providers to obtain contracts from their Business Associates no later than April 14, 2003.

Note: This agreement is intended to work as a "side agreement" or collateral agreement--to an existing or pending contract with a Business Associate--that deals solely with HIPAA privacy issues. The form substantially tracts the suggested language issued by the Department of Health and Human Services as guidance: Sample Business Associate Contract Provisions (Published in Federal Register 67 No.157 pg.53182, 53264 (August 14, 2002)).

Who is a "Covered Entity" under HIPAA? Health plans, health care clearinghouses, and health care providers who engage in an "electronic transaction" (i.e., generally meaning the transmission of any health information in electronic form but see below for complete definition) are "Covered Entities" under HIPAA. Please note that health care providers who do not submit electronic transactions of health care information may still become Covered Entities under this rule when another entity, such as a billing service or a hospital, transmits a standard electronic transactions on their behalf. Please also note that health plans and health care clearinghouses do not need to enter into an "electronic transaction" involving PHI before they can be defined as a "covered entity". Only a health care provider must engage in an "electronic transaction" involving PHI before it becomes a "covered entity".

Therefore, if a medical practice engages in any electronic transaction described above (even only one transaction), then the Privacy Rule of the HIPAA regulations applies to this medical practice. This is the case even if the medical practice uses another entity, such as a billing service or hospital, to transmit an electronic transaction described above. Even though coverage under HIPAA is triggered by use of electronic transactions, the HIPAA Privacy Rule applies to individually identifiable health information in any form, including oral, written and electronic communications.

For more information regarding who is a "covered entity" under the HIPAA privacy regulations, please visit the library section of our site: The HIPAA Privacy Rule: "Business Associates" of "Covered Entities".

Who is a "Business Associate" under HIPAA? A Business Associate is a person or entity who provides certain functions, activities, or services for or to a covered entity, involving the use and/or disclosure of PHI. A Business Associate is not a member of the health care provider, health plan, or other covered entity's workforce. A health care provider, health plan, or other covered entity can also be a business associate to another covered entity. The rule includes exceptions. The business associate requirements do not apply to covered entities who disclose PHI to providers for treatment purposes - for example, information exchanges between a hospital and physicians with admitting privileges at the hospital.

For more extensive information regarding the HIPAA privacy regulations relative to "Business Associate" contracts, please visit the library section of our site: The HIPAA Privacy Rule: "Business Associates" of "Covered Entities".