No, your staff are not your business associates, but you have a responsibility to monitor their access to PHI and train them in data security and protection practices. Your "staff" includes paid employees, but also volunteers, interns, temporary workers and all others who are under your direct control.

To comply with HIPAA, a business associate agreement must include a description of the uses and disclosures of PHI that the business associate is permitted and required to make. The business associate agreement must also require, among other things, that the business associate sign a confidentiality agreement. We include these points in the confidentiality agreements we offer to our customers.

Covered entities and business associates should check all agreements involving the exchange of PHI to ensure that business associate agreements are in place where necessary. In addition, covered entities and business associates should carefully review all future business associate agreements to ensure that each agreement contains all the elements required by HIPAA and adequately protects the party concerned. Finally, covered entities and business associates should ensure that they have adopted the appropriate HIPAA policies and procedures to comply with their business associate agreements.

In addition to the provisions required by HIPAA, some agreements may include additional safeguards. For example, a covered entity may include a compensation clause to protect itself when a business associate has a security breach involving the covered entity's PHI.

(g) [optional] Business associates may provide data aggregation services related to the health care operations of the covered entity.

(a) Business associate. "Business associate" generally has the same meaning as the term "business associate" at 45 CFR 160.103 and means, with respect to the party to this agreement, [insert the name of the business associate].

In addition to Aptible or another host, you're probably using a number of third-party application and workflow services to create your products and run your business.
For example, you might use Twilio to send SMS, Mailgun for transactional emails, Mixpanel for analytics, AWS RDS for your database, Papertrail for logging, Slack for internal communications, Gmail for email, etc.