http://library.ahima.org/xpedio/groups/public/documents/ahima/bok3_005270.hcsp?dDocName=bok3_005270
Click above link for full article.
Identifying Your Business Associates Under the HIPAA Privacy
Regulations
by Michael C. Roach, JD
The HIPAA privacy regulations require that covered entities have written
agreements in place before disclosing protected health information (PHI) to
business associates.1 The regulations also
require specified provisions be included in business associate agreements
(BAAs).2 Most likely none of your existing BAAs
satisfy all of the requirements of the regulations. Consequently, you need to
locate all of your existing agreements with business associates and start
amending those agreements.
It is important to understand who is and who is not a business associate,
because only BAAs need to be amended. A business associate is an entity that on
your behalf, performs or assists in the performance of: (1) any of the
following, if it involves use or disclosure of PHI:
• Claims processing or administration; • Data analysis; • Processing or
administration; • Utilization review; • Quality assurance; •
Billing; • Benefit management; • Practice management; or • Repricing; |
|