Written By: Margaret Scavotto, MPA and Sarah Badahman, HIPAAtrek On April 2, 2020, the OCR issued a Notification of Enforcement Discretion under HIPAA to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and...
If you have a startup that provides a product or service to medical practices, you know there are regulations governing how you collect and use your clients’ data. If you handle the health information of your clients’ patients, you are your clients’ business...
The HIPAA business associate agreement (BAA) lays out your business associate’s obligations to protect your data. The previous blog gave an overview of BAAs. Let’s hone in on six important BAA provisions: Permissible uses and disclosures of protected...
Business Associate Agreements (BAAs) are a particular type of contract, dictated by HIPAA, which outlines the responsibilities of another party you’re doing business with when it comes to Protected Health Information (PHI). While it may seem straightforward—this...
Before you outsource any of your organization’s functions to a third party, you need to do your research. Will the vendor handle PHI on behalf of your organization? If so, they’re a business associate (BA). Then conduct due diligence to be sure you can trust the...
In the last blog, you used a Business Associate Decision Tree to find if your vendors are business associates (BAs) under HIPAA. But good vendor management begins before you enter a contract with a third party. Before hiring a vendor, you must exercise due diligence....