Avoid counterparty requirements. Given compliance costs and non-compliance penalties, companies may wish to avoid becoming a “counterparty” or executing counterparty agreements where possible. The following counterparties are not counterparties and may refuse to execute a counterparty agreement as required: (3) enter into a HIPC-compliant counterparty agreement with each counterparty. (OCR FAQ). Although the characterisation of a staff member helps contractors avoid counterparty obligations, covered undertakings may object to the classification of contractors as members of their staff, which may indicate that the contractor is acting as a representative of the covered undertaking, therefore exposing the undertaking concerned to additional liability for the contractor`s actions. (See 45 CFR 160.402 (c); 78 FR 5581). Answer: Business partners are suppliers (for a covered entity) who create, receive, maintain or transmit protected health information (PHI) while performing a service with the PHI. From award-winning HIPAA training to contracts and agreements, we can meet your needs so you can protect your business. Counterparties that violate the HIPC may be subject to penalties ranging from $100 to more than $50,000 per violation. (45 CFR 160.404). If the offense is due to wilful negligence, the Civil Rights Office (OCR) must impose a fine of at least $10,000 per violation.

(Id.). If the counterparty has been deliberately neglected and does not correct the breach within thirty (30) days, the OCR must impose a fine of at least USD 50,000 per breach. (Id.). An individual offence can give rise to many offences. For example, the loss of a laptop containing hundreds of patient PHI can represent hundreds of offenses. Similarly, each day on which a covered undertaking or counterparty fails to implement a necessary directive constitutes a separate infringement. (45 CFR 160.406). In addition to regulatory penalties, counterparties that fail to comply with counterparty agreements may also be liable for contractual damages and/or indemnification obligations set out in the counterparty agreement. (2) members of the personnel of an undertaking. Employees of an enterprise are not business partners of the enterprise, including “employees, volunteers, interns and other persons whose conduct in the performance of work is under the direct control of an enterprise or counterparty, whether or not they are paid by the enterprise or counterparty concerned”.; (45 CFR 160.103). In order to avoid counterparties` obligations, contractors may try to be classified as staff members of the covered undertaking. The OCR found that the contract must describe the permitted and necessary use of health information protected by the counterparty; provide that the counterparty shall not use or disclose protected health information other than to the extent permitted, prescribed or prescribed by law; and request the counterparty to take appropriate security measures to prevent the misuse or disclosure of protected health information that is not provided for in the contract.

. . .