RE: to sign or not to sign

[Dee Warrington]

Jim,   According to CMS, a software vendor is a business associate of a covered entity as long as the vendor needs access to the PHI of the covered entity in order to provide its service.  Therefore, you are only required to enter into a BAA.   Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955 Warner Center Lane Woodland Hills, CA  91367 (818) 598-6606 Fax: (818) 598-3270 [EMAIL PROTECTED] -----Original Message----- From: Jim Randolph [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 8:39 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Let me carry this a step further.  We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way.  Our support personnel do review setup configurations, billing problems or DB issues; but don’t do anything to PHI.  Attorneys and consultants are advising our customers so differently that no matter what, we end up being “the evil vendor.”  Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future.   The question for the group is: What is required in this scenario a BAC, TPA or COT?   Jim Randolph The Echo Group     -----Original Message----- From: Traci Winter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:49 PM To: WEDI SNIP Privacy Workgroup List Subject: to sign or not to sign   OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement.   Thanks, Traci Winter --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org