As a covered entity, you want your business partnership agreement to require the business partner to consent to the jurisdiction of the U.S. courts.

Question: If we use a business partner abroad, do they have to follow HIPAA? Are we even allowed to use someone in another country?

Question: Our doctor's office uses data backup via Google Cloud Storage [or Amazon Web Services]. They say they are HIPAA compliant. Do we still need a business partnership agreement with Google [or AWS]?

Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia has agreed to resolve possible violations of the HIPAA Security Rule after the theft of a CHCS mobile device put the protected health information of hundreds of nursing home residents at risk. CHCS provided management and IT services as a business partner to six qualified care facilities. The total number of people affected by the combined offences was 412. The settlement includes a cash payment of $650,000 and a corrective action plan.

Upon termination of this Agreement for any reason, the Business Partner will return to the Covered Entity [or, if the Covered Entity has agreed], any Protected Health Information obtained from the Covered Entity or created, maintained or received by the Business Partner on behalf of the Covered Entity [or, if the Covered Entity agrees], that the Business Partner still keeps in any form whatsoever.
Business partners do not keep copies of protected health information.

By law, the HIPAA Privacy Rule applies only to covered entities – health plans, health care clearinghouses, and certain health care providers. However, most health care providers and health plans do not perform all of their health activities and functions themselves. Instead, they often use the services of a variety of other people or companies. The Privacy Rule allows covered health care providers and plans to share protected health information with these "business partners" if the providers or plans receive satisfactory assurances that the business partner will use the information only for the purposes for which it was engaged by the covered entity, protect the information from misuse, and help the covered entity comply with some of the covered entity's obligations under the Privacy Rule. Covered entities may disclose protected health information to an entity in its role as a business partner only to assist the covered entity in performing its health functions, and not for the business partner's own use or purposes, unless this is necessary for the proper management and administration of the business partner.

(e) [Optional] Business Partners may use protected health information for the proper management and administration of the Business Partner or to fulfill the Business Partner's legal responsibilities….