In any case, you must ensure that, regardless of who writes the agreement, it meets your legal obligations if you ask another person or company to provide a service for you or on your behalf, and that they need protected health information to perform that service. In some cases, national legislation may further protect the privacy rights of drugs and alcohol, mental health and other patients (e.g. B HIV and AIDS) as the data protection rule HIPAA and 42 CFR, part 2. If this is the case, the more restrictive law normally prevails and must be reflected in decisions regarding participation in trade partners and qualified service arrangements. There are certain necessary elements of an BAA, such as 1) the definition of uses and returns of PPH authorized and necessary by the counterparty; 2) provide that the counterparty will not use or disclose the information, except as required by the BAA or any other legal obligation; and 3) require the counterparty to put in place appropriate security measures to prevent the unauthorized use or disclosure of PPHs. [vi] There are additional best practices that can be recommended by your legal advisor to manage an insured company`s relationship with its business partners, such as the inclusion of a disclaimer in the Agency`s relationship and the recommendation of a language that the agreement is not intended to be used by third parties. The most common agreement between a covered company and its third-party supplier is BAA. BaA is more common than the term QSOA for health care providers, simply because a large majority of the companies covered are not qualified as Part 2 programs and, as a result, covered companies use BAAs much more often than QSOAs. If you are familiar with the federal drug and alcohol privacy law, you will immediately notice the complexity of combining a qualified service organization and a business agreement.
In addition to the performance of the services provided to the programme included in the agreement, a qualified service/trading partner organization is prohibited from providing protected health information. If you are treating patients whose information is subject to stricter data protection under federal law (for example. B The Medicines Protection and Alcohol Protection Act, you can plan to put in the mix a qualified service organization agreement.