Cindy,
You might take a look at CFR Vol. 65, No. 250, p. 82476, the Comments
Section 160-164 which state, in pertinent part:
"[B]usiness associate contracts or other arrangements are only required for
those cases in which the covered entity is disclosing information to
someone or some organization that will use the information on behalf of the
covered entity, when the other person will be creating or obtaining
protected health information on behalf of the covered entity, or when the
business associate is providing the specified services to the covered
entity and the provision of those services involves the disclosure of
protected health information by the covered entity to the business
associate. �For example, when a health care provider discloses protected
health information to health plans for payment purposes, no business
associate relationship is established."
One has to read between the lines here, and there is no clear-cut answer.
For example, though PHI may be disclosed by a provider to a payer for
payment purposes, because the payer is not performing a service for the
provider, not really acting "on behalf of the provider" (though the
provider benefits by being paid), the Comments suggest that the payer is
not a business associate of the provider for the purposes of Section
160.103 (Business Associate Definition), unless there are other functions
that the payer is performing that directly benefit the provider. �What
function must one covered entity perform in order to be deemed a business
associate of another? �That will be a matter of interpretation, but
certainly we can consider those functions listed in Section 160.103(1)(ii),
p. 82799.
Peter
************************************************
Peter B. Goldstein
Cap Gemini Ernst & Young, US LLC
4610 South Ulster Street, Suite 600
Denver, Colorado �80237-4323
(303) 796-4148 (Direct)
(413) 740-0512 (Facsimile)
cap comm: 657 4653
[EMAIL PROTECTED]
************************************************
**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.
