BIDMCtoday: HIPAA Countdown August 2002

HIPAA Countdown

Q. Who is a “business associate” under HIPAA’s privacy regulations? What precautions must BIDMC employees take when sending patient information to business associates?

A. HIPAA’s privacy regulations define a “business associate” as a person or entity to whom the medical center (or another business partner acting on our behalf) gives our protected health information so that they can do something with our information for us. Examples of “business associates” include lawyers, auditors, consultants, third-party administrators, transcriptionists, data processing firms and billing firms. Since “business associates” are not necessarily covered entities required to follow the Privacy Rule, BIDMC must protect its information through a separate contract with each associate. Currently we are identifying our “business associates” and will be developing an agreement for them to sign.

More information on HIPAA: www.hipaadvisory.com/regs/

Around BIDMC Calendar In the News HMS & BIDMC Teaching Awards Honors BIDMCtoday Home	HIPAA Countdown Q. Who is a “business associate” under HIPAA’s privacy regulations? What precautions must BIDMC employees take when sending patient information to business associates? A. HIPAA’s privacy regulations define a “business associate” as a person or entity to whom the medical center (or another business partner acting on our behalf) gives our protected health information so that they can do something with our information for us. Examples of “business associates” include lawyers, auditors, consultants, third-party administrators, transcriptionists, data processing firms and billing firms. Since “business associates” are not necessarily covered entities required to follow the Privacy Rule, BIDMC must protect its information through a separate contract with each associate. Currently we are identifying our “business associates” and will be developing an agreement for them to sign. More information on HIPAA: www.hipaadvisory.com/regs/