The "Health Information Technology for Economic and Clinical Health Act" ("HITECH Act") was signed into law on February 17, 2009 and takes effect February 17, 2010. It expands HIPAA privacy and security regulations. The two most important changes in the HITECH Act for business associates of HIPAA covered entities are (a) requirement that business associates comply directly with Security Rule provisions directing implementation of administrative, physical and technical safeguards for electronic protected health information and (b) expanded breach notification rules for both covered entities and their business associates.
This agreement is intended to work as a side agreement or collateral agreement to an existing or pending contract with a Business Associate that deals solely with HIPAA privacy issues. It is not intended to be the complete and final written expression of a services agreement between a health care provider and a contractor.
Virgin Islands Rider is a legal document that complements the HIPAA Privacy Compliance Agreement for Business Associates, specifically addressing the requirements and regulations for individuals and entities operating in the Virgin Islands. This agreement ensures that business associates in the Virgin Islands are compliant with the HITCH Act (Health Information Technology for Economic and Clinical Health Act), which strengthens the privacy and security protections for individually identifiable health information. The Virgin Islands Rider or Collateral Agreement to HIPAA Privacy Compliance Agreement for Business Associates HITCHCH Act is designed to outline the specific obligations and responsibilities of business associates in the Virgin Islands regarding the protection and handling of protected health information (PHI). This agreement is crucial in maintaining the confidentiality, integrity, and availability of PHI, as required by the HITCH Act. The Virgin Islands Rider may include provisions such as: 1. Definitions: Clearly defining key terms used in the agreement, such as "business associate," "covered entity," "individually identifiable health information," and more. 2. Permitted Uses and Disclosures: Outlining the limited circumstances in which the business associate is allowed to use or disclose PHI without prior authorization from the covered entity. 3. Security Safeguards: Detailing the specific administrative, physical, and technical safeguards that the business associate must implement to protect PHI from unauthorized access, disclosure, alteration, or destruction. 4. Reporting Breaches: Establishing the obligations of the business associate to report any breaches of PHI to the covered entity and describing the timeframe within which such breaches should be reported. 5. Subcontractors and Agents: Addressing how the business associate will ensure that any subcontractors or agents also comply with the requirements of the HIPAA Privacy Compliance Agreement and HITCH Act. 6. Indemnification: Addressing the indemnification obligations between the business associate and the covered entity in case of any potential violations of the agreement or breach of PHI. 7. Termination: Describing the circumstances under which either party can terminate the agreement, and the obligations and responsibilities of each party upon termination. It is important to note that the Virgin Islands Rider may vary depending on the individual circumstances and preferences of the covered entity and business associate. The content and structure of the agreement may differ based on factors such as the complexity of the business operations, the types of services provided, and any specific Virgin Islands laws or regulations that may be applicable.
