Are business associate agreements and chain of trust agreements an “either/or” or an “and”?
Business associate agreements and chain of trust agreements serve two distinct purposes. A business associate agreement ensures that the business associate will protect the privacy rights of the subject individual (i.e., not engage in any unauthorized uses or disclosures of PHI). A chain of trust agreement ensures that a trading partner (i.e., someone with whom a covered entity exchanges data electronically) will maintain the security of transmitted data and observe a standard of due care (i.e., authentication, access control and audit). The business associate agreement is required by the privacy rule; the chain of trust agreement is required by the security rule. In some cases, both agreements will have to be negotiated; in other cases, only one of the two will be required.