These requirements simply outline the need for business associate agreements (BAAs) between covered entities and business associates. This requirement has recently been extended to require business associate agreements between business associates and all subcontractors. Basically, each layer in the chain of BAAs takes on certain responsibilities and certain risks as part of HIPAA, and there needs to be consistency.
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i)
Visible Health has a formalized policy and process is in place concerning BAAs. BAA templates are in place and BA contracts are reviewed for consistency. All organizational customers on Visible Health have BAAs in place. Additionally, contracts are retained that detail the responsibility of safeguarding any information to which the provider may have access, as well as creating consistency for Visible Health and Visible Health customers.
|Business Associate Contracts (Req)||The Implementation Specifications for the HIPAA Security Rule Organizational Requirements “Business Associate Contracts or Other Arrangements” standard were evaluated under section 164.308(b)(1) above.|
|Other Arrangements (Req)||Rules to engaging with additional 3rd parties, like subcontractors.|