Compliance with THE rules set out in HIPAA is required by law if your company has the personal health data of individuals and wishes to extend its activities to external employees. Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has required thousands of companies in the United States to enter into trade association agreements. 2.2 Safety precautions. Business Associate is committed to implementing and implementing appropriate administrative, physical and technical security measures to prevent the use or disclosure of PPHs; and (b) to adequately protect the confidentiality, integrity and availability of the ePHI that creates, receives, manages or transmits business associate on behalf of the insured entity. These security measures include a written information security directive, a security incident response plan, regular safety awareness training and confidentiality/non-disclosure agreements with independent subcontractors and consultants with whom Business Associate has delegated tasks under this AGENCY. (f) [optional] Counterparties may provide protected health information for the proper management and management of the counterparty or to fulfil the legal obligations of the counterparty; where the information is prescribed by law or the consideration receives from the person to whom the information is disclosed, reasonable assurances that the information will remain confidential and that it will not be disclosed until then, in accordance with the law or for the purposes for which it was disclosed to the person, and that the person informs the counterpart of any case where the confidentiality of the information has been violated. In the event of a violation or non-compliance with a BAA by a counterparty/subcontractor, the covered unit must take appropriate measures to remedy the infringement or terminate the infringement. “If such measures fail, they must terminate the contract or agreement,” HHS explains. “If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights.” 1 (a) [optional] The entity concerned informs the counterparty of any restrictions (s) in the notice of the insured company`s data protection practices in accordance with 45 CFR 164.520, as this restriction may affect the use or disclosure of health information protected by a counterparty.