Contractual Agreements Profile Trust Interoperability Profile

Table of Contents

Overall Organization

Trustmark Definition Checklist

Valid HIPAA Business Associate

Issuance Criteria:
no(assessment_01) and (yes(assessment_02) or yes(assessment_03))


Contractual Agreements with HIPAA-Covered Entities

Issuance Criteria:
yes(ALL)


Redress Policy

Issuance Criteria:
yes(ALL)


Contractual Agreements Profile Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/contractual-agreements/contractual-agreements-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for Contractual Agreements between HIPAA-Covered Entities and Business Associates/Qualified Service Organizations.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

TD_01 AND TD_02 AND TD_03

HIPAA Business Associate Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/contractual-agreements/HIPAA-Business-Associate/1.0/

Description:
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for acceptance criteria as related to overall system and services acquisition requirements.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Valid HIPAA Business Associate

Description: The organization MUST be a valid HIPAA Business Associate.

Issuance Criteria:
no(assessment_01) and (yes(assessment_02) or yes(assessment_03))

Business Associate/Qualified Service Organization Agreements Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/contractual-agreements/Business-Associate-Agreements/1.0/

Description:
This Trustmark Definition defines requirements for a HIPAA Business Associate’s contractual agreements with HIPAA-covered entities.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Contractual Agreements with HIPAA-Covered Entities

Description: The organization’s contractual agreements with HIPAA-covered entities MUST meet requirements.

Issuance Criteria:
yes(ALL)

Redress Policy Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/contractual-agreements/Redress-Policy/1.0/

Description:
This Trustmark Definition defines conformance for an organization having a Redress Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Redress Policy

Description: The organization MUST have an acceptable Redress Policy.

Issuance Criteria:
yes(ALL)

Glossary

Term Definition
HIPAA Health Insurance Portability and Accountability Act of 1996
PHI Protected Health Information
Redress Laws, policies, and procedures that address public entity responsibilities with regard to access/disclosure and correction of information and the handling of complaints from persons regarding protected information about them which is under the entity’s control and which is exempt from disclosure and not disclosed to the individual to whom the information pertains.