Business Associate Agreements and Addendums Procedures

From University of Nebraska Medical Center
Revision as of 13:12, October 6, 2020 by Dpanowic (talk | contribs)
Jump to navigation Jump to search
Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property


Compliance Program | Compliance Hotline | Investigations by Third Parties | Research Integrity | Export Control | Code of Conduct | Use of Human Anatomical Material | Clinical Research and Clinical Trial Professional and Technical Fee Billing | Contracts | Conflict of Interest | Red Flag Identity Theft Prevention Program | Principles of Financial Stewardship | Human Tissue Use and Transfer | Disclosing Foreign Support and International Activities | Health Care Vendor Interactions | Credit Hour Definition | Whistleblower

Revised Date: 10/06/20
Reviewed Date: 10/06/20

Business Associate Agreements and Addendum Procedures

Please see: UNMC Policy No. 8009, Contracts

Procedure

  1. Departments are required to complete a Business Associate Agreement or Business Associate Addendum whenever vendors provide services on behalf of UNMC and have access to protected health information.
  2. Health care providers providing patient care are exempt from the requirement.
  3. Business Associate Agreements and Addendums are required for all new or modified contracts for services.
  4. Business Associate Addendums are utilized whenever a formal contract is in place for the services being provided. The Addendum reinforces the services that have been specified in the contract and outlines the protected health information.
  5. Business Associate Agreements are required whenever services are being provided and a formal contract has not been executed. In this case the Business Associate Agreement will outline the services being provided and the protected health information available.
  6. The Business Associate Agreements and Addendums are available electronically at https://www.unmc.edu/hipaa/forms/index.html. Although they are in Word format, they should not be changed in content. Only the parties to the agreement and the services being provided may be changed. These agreements can only be properly executed by the Procurement Department. Two copies should be prepared in order to provide the vendor with an original.
  7. Procurement will maintain an original file of the Business Associate Agreement or Addendum and will maintain an electronic database that will exhibit a current listing of those vendors, the services they are providing, and if they have, in fact, completed an agreement.
  8. Only one Business Associate Agreement or Addendum is required by the University as long as the services to be performed remain constant. In the event that the vendor is providing more than one service, an additional agreement is required.
  9. All Business Associates are required to implement all HIPAA Security Rule Safeguards. In the event that a vendor cannot meet a specific requirement of the Business Associate Agreement or Addendum, i.e., insurance, etc., an exception can be granted only by the University’s Office of the Vice President and General Counsel. In these cases, Procurement will be notified of such request for exception and will submit it for the legal exception.

Additional Information


This page maintained by dkp.