There are a few exceptions to the requirement to sign a counterparty agreement. These include specialists to whom a hospital gives a patient and transmits the patient`s medical card for therapeutic purposes, laboratories to which a physician discloses a patient`s PHI for therapeutic purposes, and disclosures of PHI to a health plan sponsor such as an employer through a group health plan. [Option 2 – where the agreement authorises the counterparty to use or disclose protected health information for its own management and management or to exercise its legal responsibilities and the counterparty must retain protected health information for those purposes after termination of the contract] Some of them have adopted a «Better Safe than-Sorry» approach to address their definition problems and have entered into agreements with all the companies with which they have business relationships, whether they were necessary or not. Recent studies funded by the California Healthcare Foundation have shown that many companies have refused to unnecessarily enter into agreements with other covered companies and have also entered into agreements with providers who did not have access to PHI and would probably never do so. In one case, a covered company required its landscaper to sign a DE LIPPA counterparty agreement. `counterparty` means any natural or legal person who is not a member of the staff of a classified entity, who performs functions or activities on behalf of a classified entity or who provides the classified entity with certain services which involve the counterparty`s access to protected health information. A «business partner» is also a subcontractor who creates, receives, maintains or transmits protected health information on behalf of another counterparty. Typically, HIPC rules require companies and covered counterparties to enter into contracts with their counterparties to ensure that counterparties adequately protect protected health information. The counterparty agreement shall also aim to clarify and, where appropriate, limit the use and disclosure of health information protected by the counterparty on the basis of the relationship between the parties and the activities or services performed by the counterparty.

A counterparty may only use or disclose protected health information if its counterparty agreement permits or requires it or if required to do so by law. A counterparty is directly liable under HIPAA rules and is subject to civil and, in some cases, criminal penalties, for the use and disclosure of protected health information that is not permitted by its contract or imposed by law. . . .