Overview: This article outlines the Terms & Conditions within the Dandy Practice Agreement, including the Business Associate Agreement (BAA) for HIPAA compliance.
Practice Agreement Overview
When a practice signs with Dandy, it agrees to the Terms & Conditions set forth in the Practice Agreement. These terms define the legal relationship and operational boundaries between the practice and Dandy.
Business Associate Agreement and PHI
The Business Associate Agreement (BAA) is embedded within the Dandy Terms & Conditions. As a HIPAA-compliant Business Associate, Dandy uses the Business Associate Agreement to safeguard Protected Health Information (PHI).
Dandy secures Protected Health Information through the following methods:
-
Role-Based Access: Dandy limits data access based on each individual's role.
-
Minimum Necessary Disclosure: Dandy only discloses the minimum amount of Protected Health Information required for billing and essential services.
Practice Agreement Topics
The Practice Agreement covers the following primary legal and operational areas:
-
Definitions: Clear explanations of legal terms used throughout the agreement.
-
Permitted Uses and Disclosures of PHI: Specific scenarios where Dandy is allowed to use or share Protected Health Information.
-
Obligations of Business Associate: Dandy's responsibilities in maintaining security and compliance.
-
Reportable Events: Procedures for notifying the practice of any data incidents.
-
Obligations of Covered Entity: The responsibilities of the practice under the agreement.
-
Term and Termination: Details on the duration of the agreement and how either party can end the partnership.
-
IT Policy for Practice-Provided Equipment: Guidelines for using equipment provided by the practice.
-
Miscellaneous: Standard legal clauses and additional provisions.
Related Information