What is the difference between business associate agreements and chain of trust partner agreements?
These two HIPAA rules were written by different teams and came out at different times. One of the reasons given for the delay in publication of the final security rule is the work required to synchronize it with the privacy rule-for example, so that terms are used consistently. The proposed security rule was published in 1998; the proposed privacy rule came later. The chain of trust agreement as described in the proposed security rule was little more than a gentlemen’s handshake, whereas the later privacy rule’s business associate agreement delineates specific responsibilities. Note that the August 14, 2002, Federal Register contains sample agreement language from HHS. A business associate agreement or contract must contain statements such as: • The business associate will not use or disclose the entity’s PHI for other than the purpose(s) of the business association or contract, or as required by law. • The business associate will not use or disclose PHI in any way that would be a viol
Related Questions
- We have seen, and had requests to combine the business associate agreement and the chain of trust agreement, has this been addressed by PrivaPlan as to the pros and cons?
- Are business associates agreements and chain of trust agreements an "either/or" or an "and"?
- What is the intent of business associate agreements?
