Business Associate Agreement Requirements Hipaa Finally, failure to comply with the requirements of an agreement by a counterparty/subcontractor could have important consequences: liability for the action of a counterparty. HIPAA`s data protection and security rules confirm that a covered company is in breach of HIPAA if the affected entity was aware of a business or practice model of a counterparty representing a substantial violation or violation of the BAA, unless the covered company has taken appropriate steps to remedy the breach, termination of breach or termination of the contract.11 In addition, an insured business may be held liable for the counterparty`s fault, 12 The same rules apply to counterparties with respect to their subcontractors.13 As a result, the counterparties and counterparties covered should ensure that their BAAs: «[a] person or unit company, with the exception of a staff member of an insured company performing functions or activities on behalf of an insured company , or provides specific services to a classified entity that includes consideration of protected health information. [BA] is also a subcontractor that creates, receives, manages or transmits protected health information on behalf of another [BA]. (f) [optional] the counterparty may disclose protected health information for the proper management and management of the counterparty or fulfill the legal obligations of the counterparty; where the information is prescribed by law or the consideration receives from the person to whom the information is disclosed, reasonable assurances that the information will remain confidential and that it will not be disclosed until then, in accordance with the law or for the purposes for which it was disclosed to the person, and that the person informs the counterpart of any case where the confidentiality of the information has been violated.