Change Healthcare Business Associate Agreement

Once covered companies, counterparties and counterparty subcontractors have identified their mutual relationships, it is necessary to ensure that third parties protect the PHI they receive. A signed agreement certifies that the BA knows that it must manage PHI safely. The counterparty agreement ensures that there is a custody chain for PHI. A supplier of a HIPC enterprise must enter into a contract with the covered entity and a subcontractor engaged by a counterparty is also required to enter into such a contract. A subcontractor is a business partner of a counterparty and is not covered by the BA/Covered Entity contract. Before allowing access to PHI, a separate contract must be signed. The chain can be long and the further ePHI is from the covered entity, the greater the potential for breach of the HIPC counterparty agreement.

Comments are closed.