" business associate Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘business associate’

HIPAA Business Associate Agreement: Do I Need One?

Thursday, July 12th, 2018

A business associate (BA) is an individual or an entity who could come in contact with protected health information (PHI) by providing services to or performing activities on behalf of covered entities. Your employee is not a business associate, but your web host, email encryption service, billing company and lawyers could be, and these are just four examples. BAs of BAs (BA’s contracting with your vendors) further extend the chain.

Not all entities that access PHI must be business associates. For instance, the cleaning company that disposes trash from your office does not qualify as a business associate even though there is a possibility of the cleaning crew coming in contact with identifying patient information in dustbins or laying on FAX machines or desks (though if they do, then your employees did not manage the PHI properly). However, it is important to have a clear reporting mechanism in place where cleaning company workers can alert a point person in your office when they come across PHI.

Business associate agreement do I need one?

The Omnibus Rule provides multiple categories of business associates, including health information organizations (HIOs), anyone offering personal health records to individuals on behalf of covered entities, and covers a variety of service categories such as data aggregation, accreditation, actuarial and administrative services dispensed to a covered entity provided such services involve the disclosure of patient health information. Use this link for more information on business associates.

Read the rest of this post »

HIPAA 2010: HITECH Impact on Email and Web Outsourcing

Wednesday, January 20th, 2010

Surprise!  HIPAA has changed, gotten bigger, and grown teeth.

The American Recovery and Reinvestment Act (ARRA, or The Obama Stimulus Bill), signed into law in February 2009, includes new, more comprehensive provisions for HIPAA. These provisions are in a section of the bill known as the Health Information Technology for Economic and Clinical Health Act (HITECH).

For organizations that are already required to abide by HIPAA (i.e. the “Covered Entities” of HIPAA), HITECH adds the following requirements:

Read the rest of this post »

LUXSCI