4. Condition of the matching agreement. If the covered entity continues to insist on a counterparty agreement, the counterparty or subcontractor could minimize its commitment by conditioning a counterparty agreement on the entity`s counterparty status as consideration, i.e. it assumes responsibility if and to the extent that it is a counterparty within the meaning of HIPAA. While this is an imperfect solution, it could at least allow the company to avoid regulatory sanctions if it is really not a trading partner. (4) Application specifications: other requirements applicable to contracts and other agreements. (i) The contract or any other agreement between the covered entity and the counterparty may allow the counterparty to use, if necessary, the protected health information that the counterparty receives as a counterparty to the covered entity: HHS can verify the compliance of THE COMPANY and subcontractors, and not just the companies covered. This means that organizations must have a Trade Association Agreement (BAA) for all three levels in order to meet HIPAA requirements. It is in your best interest to have an agreement, as all three classifications are responsible for the protection of the PHI. A software company that hosts software that contains information on its own server or accesses patient information when the software function is bypassed is a business partner of a covered entity. In these examples, a covered company would be required to enter into a counterparty agreement before the software company had access to [PHI]. However, when an employee of a contractor, such as a software or IT service provider, has his primary service with an on-site covered company, the covered entity may treat the creditor`s employee as a member of the insured company`s staff and not as a business partner. Covered companies may disclose protected health information to a company in its role as a business partner only to assist the insured company in fulfilling its health missions – not for independent use or for the purposes of counterparty, unless it is necessary for the proper management and management of the counterparty.

2. Staff members of a company. A company`s staff members are not business partners of the company, including “employees, volunteers, interns and others whose conduct while performing work for an insured company or counterparty is under the direct control of that unit or consideration, whether or not they are paid by the insured unit or by a consideration.” CFR 160.103).