RE: business associate questions
Jason- I believe it depends on how your are being utilized. It would seem that as legal counsel you may be exposed to PHI when they are asking you to defend them in any litigation brought by a patient or if they are working against an insurance company for non-payment etc. The agreement should state that they require you to adopt their established HIPAA policies to protect the PHI that they disclose to you. So along with the agreement should be how they are placing utilizing reasonable safeguards in place and that you should do the same when using the PHI That is my interpretation of what HIPAA says for us as a covered entity to do Craig Moen, MPT Director of Rehabilitation HIPAA Privacy Official THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:24 PM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: business associate questions
On your unrelated matter, I, too, don't see where there is a business associate relationship between a dental insurer and the law firm, or even between the dental insurer and the law firm's group health plan. The U.S. Department of Health and Human Services Office of Civil Rights, the agency charged with enforcement of the HIPAA Privacy Rules, recently issued guidance that specifically addresses this point. The guidance (which can be found at http://www.hhs.gov/ocr/hipaa/privacy.html) states the following at p. 52: Q: Is a health insurance issuer or HMO who provides health insurance or health coverage to a group health plan a business associate of the group health plan? A: A health insurance issuer or HMO does not become a business associate simply by providing health insurance or health coverage to a group health plan. The relationship between the group health plan and the health insurance issuer or HMO is defined by the Privacy Rules as an organized health care arrangement (OHCA), with respect to the individuals they jointly serve or have served. Thus, these covered entities are permitted to share protected health information that relates to the joint health care activities of the OHCA. . . . The guidance also states, at pp. 47-48: Q: Are covered entities that engage in joint activities under an organized health care arrangement (HCA) required to have business associate contracts with each other? A: No. Covered entities that participate in an OHCA are permitted to share protected health information for the joint health care activities of the OHCA without entering into business associate contracts with each other. . . . I hope this is helpful. Judi Judith A. Langer, Attorney Privacy Official Cobalt Corporation The opinions expressed in this e-mail are my own and not necessarily those of Cobalt Corporation. -Original Message- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:24 PM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: business associate questions
If your law firm provides any services to any entity in healthcare, I strongly suggest you start getting familiar with HIPAA...in a hurry. Legal services is one of the types of messages specifically mentioned in the section of the regulation addressing business associates. Whether a law firm providing services to a health care entity is a Business Associate or that health care entity will depend essentially on two things: (1) is the health care entity a covered entity under HIPAA, and (2) does the law firm receive protected health information in the course of performing those services. If the answer to both of those questions is yes, then you need to have a Business Associate Agreement with the health care entity. Darrell Rishel, J.D. Director of Information Services Arapahoe House, Inc. This message is not legal advice. -Original Message- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 11:24 AM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
