2.2 Security Measures. The counterparty undertakes to take and use appropriate administrative, physical and technical security measures to (a) prevent the use or disclosure of the PHI; (b) adequately protect the confidentiality, integrity and availability of the ePHI that the counterparty creates, receives, maintains or transfers on behalf of the covered entity. Such security measures shall include a written information security directive, a security incident response plan, regular security awareness training, and confidentiality/confidentiality agreements with subcontractors and independent consultants with whom the counterparty has delegated tasks under this BAA. Upon termination of this Agreement for any reason, the counterparty shall return to the covered entity any protected health information obtained by the covered entity or established, maintained or received by a counterparty on behalf of the covered entity [or, if approved by the covered entity], that it still maintains in any form. Counterparties do not keep copies of protected health information. [In addition to other permitted purposes, the parties should indicate whether the counterparty has the right to use protected health information to identify the information referred to in CFR 164.514(a)-(c). The parties may also wish to indicate how the counterparty will anonymize the information and the uses and disclosures of anonymous information authorized by the counterparty.] First, we will look at the role of the company covered. It is the person who intends to allow another person to access and act with their medical records. Enter the first name, center name, and last name of the covered entity in the first blank line. This name must be indicated exactly as it appears on the official ticket of the covered company.
Now we need to name the person (Business Associate) who has access to the medical records of the covered company, in accordance with the Health Act of 1996 on Portability and Accountability. Provide the full legal name of the counterparty in the second space of the first paragraph. Make sure that this name is the same as the I.D. cards of this entity (for example. B driver`s license, passport). Recitals can help to explain the relationship between BAA and the underlying agreements between the parties. Consider asking a lawyer to verify the accuracy of the recitals and any underlying agreements. `counterparty` means any natural or legal person who is not a member of the staff of a classified entity, who performs functions or activities on behalf of a classified entity or who provides the classified entity with certain services which involve the counterparty`s access to protected health information. `Counterparty` also means a subcontractor who creates, receives, maintains or transmits protected health information on behalf of another counterparty. . .
.