Roy,
I disagree with your conclusion that your collection agency is not a BA, even
if all you give them is a name and an amount.
The definition of PHI draws on the definition of Individually Identifiable
Health Information which is defined in section 160.103. That definition says
that IIHI is
Title: RE: Another thread on Security/Privacy question
With
the population we serve, credit cards are not an issue. These are accounts that
did not qualify as free care and were made self pay. The collection agency
merely has contact information and an amount. But the issue was not a privacy
I have not seen this question posted on this forum and it
relates to patient’s right to request an amendment to their PHI. I know that we must account for all
disclosures of PHI excluding the stated exemptions (for TPO, to the individual,
based on an authorization etc.) and that if we agre
Title: RE: Another thread on Security/Privacy question
Roy,
I would agree with your conclusions with
regard to HIPAA but you will probably none the less need a privacy agreement
with the collections agency not to disclose or sell credit card information. The
FTC does not look too favor
Hello-
Does any one have a brief, but to the point Business Associate
agreement policy out there. I am needing to create one, but have not come
across any in my travels. Please email me with one. Any help would be
appreciated. Thanks
Tamra Behrens
Compliance Analyst
Sierra View District Hosp
I apologize for redundancy if this has already been addressed
I wonder if anyone can point me to a resource that indicates how a BAA might
be structured if both entities are a covered entity? For instance, in the
case of an agreement between a clearinghouse and provider. Should the
clearingh
Title: RE: Business Associate Contracts
To answer your last question, I would say no, because the provider is not "using or disclosing PHI on behalf of" the clearinghouse. It is the other way around. So the clearinghouse is the BA.
Deborah Campbell
Compliance Coordinator
Dominion Dental Ser
Title: RE: Another thread on Security/Privacy question
The name and the credit card number are not PHI under HIPAA. It does not become PHI until some health information is added. If the information contains CPT codes, for example, then you would either need to include that information in the
Matt -- Thanks for the update. I have a couple of suggestions. First, I
hope you understand that I participate in this list because, as an
attorney, I represent covered entities and business associates. As an
attorney and a business associate, I emphasize with the struggles that
covered entities an