If you enter into an agreement with another legal or natural person who uses or receives individually identifiable health information in the context of the provision of services on behalf of the institution, the following inclusion in the service agreement should be taken into account. 6. Revocation of Consent or Authorization. If the use or disclosure of the PHI in this Agreement is based on an individual`s specific consent or authorization for the use of his or her PHI and the person withdraws his or her consent or authorization in writing, or the effective date of such authorization has expired, or the consent or authorization is erroneous in a manner that renders it invalid; The counterparty, when informed of such revocation, course or invalidity, must cease to use and disclose such a person`s PHI, unless it has relied on such use or disclosure or a derogation is expressly applicable in accordance with the data protection rule. [Optional] The entity concerned shall not require counterparties to use or disclose protected health information in a manner that would not be permitted by Subsection E of 45 CFR Part 164 if the covered unit did so. [Insert an exception if the counterparty uses or discloses protected health information for data aggregation or management, as well as the counterparty`s legal responsibilities and the agreement contains provisions relating to data aggregation or management.] These indemnities apply even after the termination of this Agreement and the covered company reserves the right to participate, at its own choice and expense, in the defense of a claim or proceeding by the attorney of its choice. 2.2 Security Measures. The counterparty undertakes to take and use appropriate administrative, physical and technical security measures to (a) prevent the use or disclosure of the PHI; (b) adequately protect the confidentiality, integrity and availability of the ePHI that the counterparty creates, receives, maintains or transfers on behalf of the covered entity. Such security measures shall include a written information security directive, a security incident response plan, regular security awareness training, and confidentiality/confidentiality agreements with subcontractors and independent consultants with whom the counterparty has delegated tasks under this BAA. Tax Class – A counterparty in this Agreement is treated as an independent contractor of 1099 responsible for the payment of its personal income and personnel taxes. B. the purposes for which protected health information may be used or disclosed. In connection with the services provided by the counterparty on behalf of the entity covered under this Agreement, the Covered Entity may provide protected health information („PHI“) as defined in the HIPC Rules, for the purposes of the (description of the subject matter of publication that directly relates to the services provided in the Agreement, b.

claims handling, audit, design of a computer system, etc.). See our sample agreement in PDF, which lists the terms of the partnership between „Covered Entity, Inc.“ and „Business Associate, LLC.“ Since 1996, the Health Insurance Portability and Accountability Act (PPTE) has required thousands of companies in the United States to enter into counterparty agreements. . . .