www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
searchsecurity.techtarget.com/definition/business-associate
www.mwe.com/en/thought-leadership/publications/2013/02/new-hipaa-regulations-affect-business-associates
www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

When a counterparty/subcontractor violates a BAA, the covered entity must take appropriate steps to remedy or end the offence. “If such measures fail, they must terminate the contract or agreement,” HHS explains. “If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights.”

[The agreement could also provide that the counterparty may, in the event of termination, pass on the protected health information to another counterparty of the insured company and/or add conditions regarding the obligations of a counterparty to obtain or guarantee protected health information produced, received or managed by subcontractors.]

A HIPAA (Employee) Non-Disclosure Agreement (NDA) is for healthcare professionals. The Health Insurance Portability and Accountability Act (HIPAA) (Public Act 104-191) provides rules for medical personnel, hospitals, insurance companies and other health care providers that provide health information electronically. “Health information” refers to medical records, billing and financial data, or any identifiable health information. Employers who are regulated by HIPAA should have a HIPAA NDA executed to ensure that the employee is informed of the limitations on the use of patient data and to establish documentation of the employer's diligence.

HHS can monitor business associates and subcontractors to verify HIPAA compliance, not just covered companies. This means that organizations must have a Business Associate Agreement (BAA) for all three levels in order to meet HIPAA requirements.
It is in your best interest to have an agreement, as all three classifications are responsible for the protection of the PHI. Finally, failure to comply with the requirements of an agreement by a partner/subcontractor could have significant consequences:

[Option 1 – if the counterparty is to return or destroy all protected health information after the end of the agreement]

Exceptions to the Business Associate Standard.