We proposed that parties dealing with third-party data be required to enter into a fiduciary partnership agreement, one whereby the parties accept electronic data exchange and protection of the data transmitted. This final rule limits the scope of the necessary agreements. It essentially applies the provisions of sections 164,502 and 164,504 (e) of the data protection rule, although changes have generally been made to the required contractual elements. A number of commentators have expressed some confusion about their responsibility for information security as soon as they have moved from their control to the control of their trading partner, and so on in the chain of trading partners. Requests have been made to clarify that the chain of fiduciary partnership agreements does exist between two parties and that, if a trade partnership agreement has been concluded, each specific partner would not be responsible for data security or would not be responsible as soon as it appeared. Note: To understand the detailed requirements of the elements required by a trade association agreement, you must refer to the point specifications (2). The necessary elements prescribed a particular language of the treaty. Suppliers are encouraged to get advice on matching contracts. (ii) Where a counterparty is legally required to perform a function or perform an activity on behalf of an insured company or to provide a service that, in the definition of consideration, is in 160.103 of this sub-chapter to a classified unit, that target entity may provide the counterparty with protected health information to the extent necessary to fulfil the legal mandate without meeting the requirements of this paragraph and section 164.314 (a) (1)). , if the entity in good faith endeavours in good faith to obtain satisfactory assurances in accordance with paragraph (e(2) of this section and, if so, at paragraph 164.314 (1), and documents, if such an attempt fails, the experience and reasons why such assurances cannot be obtained. Finally, we proposed to remove the reference to subcontractors in section 164.314(b) (2) (iii) with respect to the modification of group health documents as a necessary condition for the disclosure of protected health information to a plan sponsor and to avoid subcontractors when they relate to subcontractors who are counterparties. We have replaced the proposed “Chain of Trust” standard with a standard for associated business contracts and other arrangements. (A) the contract may allow the counterparty to use and disclose protected health information for the proper management and management of the counterparty covered in paragraph (4) of this section; And comment: Several commentators have asked whether existing contracts could be used to meet a trading partner`s requirement or whether the rule required entry into a new specific contract for that purpose.
In addition, commentators want to know to whom employment contracts do not contain a written contractual agreement: do they now have to enter into formal agreements and inc carry the additional costs? 2. The person informs the counterpart of the cases of which he is aware and in which the confidentiality of the information has been violated. [The parties may add an additional specificity to the way the counterparty responds to an access request that the counterparty receives directly from the person (for example. (b) the question of whether a counterparty should grant the requested access and in what time, or whether the counterparty transmits the person`s request to the entity concerned to respond to it) and the time frame within which the counterparty can transmit the information to the entity concerned.] After the end of this agreement for some reason, Business Associate is returned to covered companies [or, if agreed by covered companies, destroying] any health information protected by companies covered, or created, maintained, or received by trading partners on behalf of the covered entity that the counterparty still manages in any form.