The federal rules for Part 2 programs apply before our current framework for patient privacy thinking, HIPAA. The second part has its origins in the drug revolution of the 1970s. It was necessary to protect drug treatment protocols more strictly than other medical records in order to avoid the stigma of addiction and the fear of those seeking addiction assistance from prosecution. The goal was to encourage people to seek treatment. With the increase in drug abuse, 42 CFR Part 2 has become a hotly debated topic. More recently, the Substance Abuse and Mental Health Services Administration (SAMHSA) has introduced updated provisions that have led Part 2 clinics to review their agreements with outside agencies. Many health organizations work to treat people who have drugs. If your company strives to do the same and needs help navigating complex compliance issues with compliance with drug treatment protocols, we can help! Please schedule a call with us to see how we respond to Part 2 requests. All potential agreements must be reviewed to determine whether a qualified service/counterparty agreement is authorized by 42 CFR, Part 2.
For example, no agreement can be signed with law enforcement authorities or with other drug or alcohol treatment programs that provide patients with the same services as the drug and alcohol treatment program that introduces the agreement. Matching agreements for processing, payment and operation are not required by the data protection rule. For Part 2 programs that are also covered entities, it is best practice to have an agreement with your qualified third-party partners as qualified trading partners and service organizations to execute an agreement containing the requirements of an BAA as well as the additional requirements of a QSOA. If you work with a provider with information such as ScanSTAT, make sure you have a QSOA. ScanSTAT runs QSOAs with our qualified customers. With respect to admissible claims, the covered entity is prohibited from asking the counterparty to do anything that is not authorized by the data protection rule, if it is also carried out by the entity concerned. A waiver may be permitted when the counterparty uses or discloses protected health information for data aggregation or management and the administrative activities of the counterparty (and the agreement includes provisions). Sections 164.502 (e) and 164.504 (e) of the data protection rule should be read at the same time as the standard agreement. The most common agreement between a covered company and its third-party supplier is BAA.
BaA is more common than the term QSOA for health care providers, simply because a large majority of the companies covered are not qualified as Part 2 programs and, as a result, covered companies use BAAs much more often than QSOAs. If you are treating patients whose information is subject to stricter data protection under federal law (for example. B The Medicines Protection and Alcohol Protection Act, you can plan to put in the mix a qualified service organization agreement. Then there are the unlisted entities that might want to write your partner agreement for you. These uncovered companies may have hundreds or thousands of other clients of covered entities that also need an agreement. Today, when you write business partner contracts for a health care provider, you have probably found that there are often no magic words or formulas that lead to an agreement. While sample forms from different sources may be useful, there are generally not two business partners who are the same. If you work for a covered facility, which is supported in one way or another at the federal level and provides substance abuse services that meet the criteria of a program under drug law and alcohol secrecy – in other words, enter it