Exceptions to the Business Associate Standard. The confidentiality rule contains the following exceptions to the counterparty standard. See 45 CFR 164.502(s). In such situations, the entity concerned shall not be required to enter into a counterparty contract or any other written agreement before the protected health information can be transmitted to the natural or legal person. Transitional provisions for existing contracts. Covered companies (with the exception of small health plans) that entered into an existing contract (or other written agreement) with counterparty before October 15, 2002 may continue to work for up to an additional year beyond the compliance date of April 14, 2003, unless the contract is renewed or amended before April 14, 2003. 2003. This transitional period applies only to written contracts or other written agreements. Oral contracts or other arrangements are not eligible for the transition period.

Entities covered by eligible contracts may continue to operate under such contracts with their counterparties until April 14, 2004 or April 14, 2004 or until the renewal or amendment of the contract, whichever is earlier, whether or not the contract meets the applicable contractual requirements under 45 CFR 164.502(e) and 164.504(e). Otherwise, a data subject entity must comply with the data protection rule, for example.B. only make permitted advertisements towards the counterparty and allow individuals to exercise their rights in accordance with the rule. See 45 CFR 164.532 (d) and (e). According to the law, the HIPC data protection rule only applies to covered companies – health plans, clearing houses for healthcare and certain healthcare providers. However, most health care providers and health plans do not perform all of their health activities and functions themselves. Instead, they often use the services of a large number of other people or companies. The data protection rule allows covered health providers and plans to transmit protected health information to these “counterparties” when suppliers or plans receive satisfactory assurances that the counterparty is only using the information for the purposes for which it was mandated by the covered entity, protects the information from abuse and helps the covered company to meet some of the obligations of the covered company, in accordance with the data protection rule. . . .

Be Sociable, Share!