Can anyone please help me to succinctly define when to use a business agreement
vs. trading partner agreement vs. a chain of trust agreement, and when I am most
likely going to need more than one at a time? (or refer me to a resource that
compares the definitions and uses of each) Last year during our initial HIPAA
gap analysis we developed an inventory of BAs and Trading partners but now as I
work on this list to update it and prioritize it for follow-up I am questioning
some of our initial assumptions and definitions. My current understanding is
that we will need a business associate agreement when:
1) we will be sharing PHI with a noncovered entity for treatment, payment or
operations (TPO) (e.g. consultants, auditors, mailing house)
2) we will be sharing PHI with a covered entity to whom we are delegating any of
our TPO functions. (delegated MH coverage, delegated Dental coverage)
I am less clear as to when we will need a trading partner or chain of trust
agreement. Am I correct in assuming that we will need trading partner
agreements with all of our providers and employers in order for them to submit
electronic claims, referrals, enrollment transactions to us? And wouldn't I
then also need chain of trust agreements with each of them to ensure security
standards are met? Oh and then some may also be business associates.
Are my assumptions near the mark? Any insight would be greatly appreciated
because I am having difficulty distinguishing these relationships for myself and
for others in my organization.
Deborah Fiumedora
[EMAIL PROTECTED]
Project Manager
Neighborhood Health Plan
Boston, Massachusetts
**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.
