A Business Associate (BA) Agreement is the formal written contract between Business Associate and Covered Entity that requires Business Associate to comply with specified requirements related to PHI.
As per HIPAA rules, "Covered Entities are defined as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards."
As a Teemwurk user, if you disclose any specific individually identifiable information or PHI with Teemwurk, then receipt and use of such information by Teemwurk under its agreements will make Teemwurk a "Business Associate" to you, as defined by HIPAA. Thus, in accordance to HIPAA, Covered Entity and Teemwurk must agree in writing in the form of a BA Agreement to comply with certain provisions relating to PHI's uses, disclosures and safeguards.
The BA agreement applies to you only when you already are or become a Covered Entity as per HIPAA rules and Teemwurk is or becomes your Business Associate as defined by HIPAA. The agreement execution does not automatically entitle you to become a Covered Entity or Teemwurk to become a Business Associate.
The BA agreement will replace all other agreements between you and Teemwurk with respect to the subject matter therein, unless there is an otherwise written agreement between the two parties.
To get answer to any questions related to the Business Associate Agreement, please contact your Teemwurk representative.
We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.
In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.
We may also use PHI to report violations of law to appropriate federal and state authorities.
We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity.
Such safeguards include:
In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation.
Such mitigation will include:
As provided in the BA Agreement, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.