These requirements simply outline the need for business associate agreements (BAAs) between covered entities and business associates. This requirement has recently been extended to require business associate agreements between business associates and all subcontractors.
Business Associate Contracts or Other Arrangements - 164.314(a)(1)(i)
|Business Associate Contracts (Req)||The Implementation Specifications for the HIPAA Security Rule Organizational Requirements “Business Associate Contracts or Other Arrangements” standard were evaluated under section 164.308(b)(1) above.|
|Other Arrangements (Req)||Rules to engaging with additional 3rd parties, like subcontractors.|
Alpha Nodus has a formalized policy and process is in place concerning BAAs. BAA templates are in place and BA contracts are reviewed for consistency. Alpha Nodus has a formal policy and process in place for performing due diligence with any third party or vendor before engaging them. Additionally, contracts are retained that detail the responsibility of safeguarding any information to which the provider may have access, as well as creating consistency for Alpha Nodus and Alpha Nodus customers.