This agreement covers patient data that is shared for business reasons with other persons or groups outside of the office.
The final HIPAA rule revised the term “chain of trust” to a more specific term, “business associate contracts and other arrangements,” to redefine who must enter into a contract under the rule. However, for practical purposes you will still use the term “chain of trust” when dealing with real-world policy development.
If a healthcare practice shares patient data with a third party, it must establish a certain level of trust with this party to ensure it will maintain data integrity and confidentiality. The agreement with this party must take the form of a formal, approved contract that clearly outlines each entity’s responsibilities. If the data must pass through multiple parties before reaching its intended recipient, each must establish a trust agreement with your practice, which, as the parent party, ultimately is responsible for the data. Entering into chain of trust agreements ensures that security is maintained despite the data’s location. Without such agreements, one organization’s lower level of security could compromise another organization’s high level of data integrity and confidentiality.
For example, if you are sending a patient’s medical record to a specialist, you should not merely compress the files and e-mail them via your home Internet service provider. While you may have a formal agreement with the receiving party, standard e-mail is not secure. Instead, you should learn how to use encryption and even digital signatures.
Related Terms: Business Associate Agreement