A colleague recently shared a press release about a group of doctors who were fined $US 500,000. The fine was not the result of fraud, a misplaced order or misconduct, as one would expect. Instead, the group of doctors simply did not enter into any counterpart agreements. (d) survival. The counterparty`s obligations under this Section shall apply even after the termination of this Agreement. [The parties may wish to add additional specificity with respect to counterparty`s notification obligations in the event of infringement, for example.B. See 45 CFR 164.502(s). In such situations, the entity concerned shall not be required to enter into a counterparty contract or any other written agreement before the protected health information can be transmitted to the natural or legal person. Conclusion. Covered companies should start analyzing their counterparty agreements and determine what changes need to be made. Counterparties should take immediate measures to ensure compliance with their new obligations, in particular those that are likely to take the longest time, i.e. obligations related to the security of electronic ITPs, the notification of breaches and the execution of counterparty agreements with subcontractors.

A counterparty agreement is a legally binding document that sets parameters for determining what is allowed and what is not allowed with respect to the use of PHI between two organizations that manage it. For example, a pharmacy and a software company or a medical practice and a document storage company. Don`t end up on the “Wall of Shame,” which involves 500 or more people.