In this episode we discuss the definition of a Business Associate. How do you find your Business Associates, and what should your process for managing them include?


Glossary

A managed service provider (MSP) is a third-party contractor that is under contract (usually for a monthly fee) to provide ongoing technology support to other organizations.


Notice of Privacy Practices (NPP) is the document CEs provide to patients when they begin treatment or coverage. It defines the CE's Privacy, Security, and Breach Rule commitments to the patient.


Links

WEDI BA Decision Tree


WEDI Business Associates & HITECH Deep Dive


FindHealthcareIT


HIPAAforMSPS.com


Kardon Compliance


Notes

1. Anyone that CReMaTs (creates, receives, maintains, or transmits) PHI on behalf of a CE or another BA


    Another way to think of it: Produced, Received, Saved, Transferred


2. Upstream and Downstream BAs


3. BAAs and what they really mean


4. What are BAs supposed to do?

 Security Rule
 Breach Plan
 Portions of the Privacy Rule
 OCR - do what CEs are required to do.

5. BA Due Diligence


6. Finding them in your organization.

   1099s
   subcontractors
   software vendors

7. Don't go crazy making everyone a BA - Incidental exposure applies for electricians and others.