d) make sure, if, in accordance with 45 CFR 164.502 (e) (1) (ii) and 164.308 (b) (2), all subcontractors who produce, receive, maintain or transmit protected health information on behalf of the counterparty accept the same restrictions, conditions and requirements that apply to the counterparty with respect to this information; [The agreement could also provide that the counterparty could, at the time of termination, pass on the protected health information to another counterparty of the insured company and/or add conditions relating to a counterparty`s obligations to receive or insure protected health information produced, received or managed by subcontractors.] Instead, ask them to sign a confidentiality agreement. We include these points in the confidentiality agreements we offer to our clients: 2.10 Management and Administration. Business Associate undertakes to use or disclose PHI received as a counterpart for its own activities by Covered Entity only if: (a) the use relates to the proper management and management of Business Associate, or exercises the legal responsibilities of the counterparty or provides data aggregation services related to the medical operations of the covered entity; or b) disclosure of information received as such is related to Business Associate`s provision of services specified in a service contract, and such disclosure is required by law, or Business Associate receives from the person to whom the information is disclosed, the assurance that it will be treated confidentially, and the person also undertakes to inform business associate of a security incident or violation. „So far, in 2019, trading partners have been implicated in more than a quarter of the major health data violations added to the federal census. The 27 incidents, reported so far in 2019, have involved a total of nearly 690,000 people, according to the HHS website. Contractors who work exclusively for your business, individuals with other customers, and employees hired through a company are not business partners. However, your company is liable if one of these people violates the PHI. Many of the companies surveyed choose to establish audit rights in their BAAs.