
TPM-08 HIPAA Business Associate Agreement

Control Description

Organization Business Associate Agreements must contain provisions for the following:
• permitted uses and disclosures of Protected Health Information (PHI)
• PHI safeguards to prevent unauthorized use or disclosure
• communications regarding the unauthorized use or disclosure of PHI
• PHI availability
• contract termination and disposition of PHI

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

Implementation Guidance

1. Ensure there is a documented business associate agreement that includes, but is not limited to, clauses covering:
   • permitted uses and disclosures of Protected Health Information (PHI)
   • PHI safeguards to prevent unauthorized use or disclosure
   • communications regarding the unauthorized use or disclosure of PHI
   • PHI availability
   • contract termination and disposition of PHI
2. Ensure that a process is defined for all business associates to sign and acknowledge this agreement.

Testing Procedure

1. Inspect Organization's Business Associate Agreements and validate that they include the following:
   • permitted uses and disclosures of Protected Health Information (PHI)
   • PHI safeguards to prevent unauthorized use or disclosure
   • communications regarding the unauthorized use or disclosure of PHI
   • PHI availability
   • contract termination and disposition of PHI
2. For a sample business associate, validate that they have signed the agreement.

Audit Artifacts

E-TPM-13

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
