Steven Posnack
Office of the National Coordinator (ONC), 330 C Street, SW, Suite 409 Washington, DC 20201.
Dear Mr. Posnack,
Please replace my earlier submission with this submission. The content has not changed, only the identity of the submitter.
The submission is on behalf of the Privacy Committee of MITA's MII Section. MITA (Medical Imaging & Technology Alliance) is the leading trade association for manufacturers of medical imaging and radiation therapy system equipment.
This submission transmits the model Business Associate Agreement and responds to selected questions:
Information about MITA is at www.medicalimaging.org
RESPONSES TO SELECTED ONC QUESTIONS:
>
> 3. Business Associates
>
> A) How does you organization ensure compliance with the
> privacy and security policies of covered entities with whom
> it contracts, particularly when there are numerous contracts?
>
> In order to assist uniform compliance with numerous
> contracting partners the SPC developed a model BA agreement.
> This has been used many times by healthcare providers making
> the contraqctual assurance comprehensive with minimum cost
> for the contracting process. The model BA agreement has been
> endorsed by the hospital association. The model agreement is
> at:
> http://www.nema.org/prod/med/security/upload/2002-10-31-Introd
uction_to_NEMA_HIPAA_BAA_Sample_Language.pdf and
> http://www.nema.org/prod/med/security/upload/AHA-NEMA_BAA_with
> SecRule.pdf
>
> B) How do you handle business associate contracts with
> large numbers of covered entities including compliance with
> each covered entity's privacy policies?
>
> See answer to A above.
>
> C) How are business associate agreements negotiated? Do
> you have a standard contract?
>
> There is a standard contract employed. See attached.
>
> Sincerely,
> Stephen Vastagh
> Director, International and Industry Programs
> MITA (Medical Imaging & Technology Alliance)
> 1300 N 17th St
> Arlington, VA 22209
> svastagh@medicalimaging.org
> 703-841-3281