Ian, Jim,
I currently am working with 9 software authors/dealers and have advised on
the subject of business associate agreements. There are a couple of very
different flavors I have put together. If you're interested, e-mail me off
list and I'll send you a couple samples I have put together for them to
send to their clients. On the subject of appropriateness of a vendor
initiating, I think provider opinion will vary -- some medical providers on
this list have clearly expressed their desire not to receive these. I
think the ones who are happy to receive these agreements are the ones who
do not participate on lists like this.
One advantage the vendor has is in a clear understanding of their business
and operations which allows crafting an appropriately worded "allowed uses
and disclosures clause". Here is one for a practice management vendor who
offers EDI software and clearinghouse services:
"Business Associate is authorized to use protected health information for
the purposes of computer system training, software support, support for the
proper use and operation of EDI software, EDI clearinghouse support, data
format conversion, and troubleshooting the operation of computerized
practice management system. Business Associate may access all information
in the computerized practice management and transmitted to the EDI
clearinghouse for the purposes of verifying proper use, operation and
function of the software."
Gary Pritts
Eagle Consulting Group
HIPAA Strategies, Compliance and Education
<?xml:namespace prefix = st1 ns
= "urn:schemas-microsoft-com:office:smarttags" />1568 Northland Ave. /
Lakewood, OH 44107
(216) 228-7959 voice (216) 233-4960 cell (216) 228-6272 fax
E-mail: [EMAIL PROTECTED]
-----Original Message-----
From: Ian Leedom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 12:23 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: to sign or not to sign
I also represent a software vendor in a similar situation. Our take
has been that we must have Business Agreements (BA) with the CE's
simply because we have access to PHI. It also means that at some
level, we need to know who has in fact accessed things and when. I
think that the fact that you have access to a DB which has PHI in it
is enough to trigger all of the privacy rule in HIPAA .
My problem, and I'd love to hear from others about this, is what sort
of BA we should in fact have. We have enough clients that if we send
every agreement from every client to our corporate attorneys then
we'll be bankrupt before April. And you're right that some clients
want indemnification for things which are THEIR business and for us
to keep data even after a business contract has ended. If anyone has
any to add to this, I for one would love to hear it.
Ian Leedom
Psyche Systems
321 Fortune Blvd.
Milford, MA 01757
Tel: (508) 473-1500 x341
Compliments humbly accepted. Flames cheerfully ignored.
-----Original Message-----
From: Jim Randolph [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 11:39 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: to sign or not to sign
Let me carry this a step further. We are a software vendor
that has received BACs, TPAs and Chain of Trust agreements from
different customers.
As a vendor to this particular customer base we are exposed to
PHI but never manipulate it in any way. Our support personnel
do review setup configurations, billing problems or DB issues;
but don't do anything to PHI. Attorneys and consultants are
advising our customers so differently that no matter what, we
end up being "the evil vendor." Some of the BACs we receive
are rather ridiculous, like requiring us to assume financial
liability if our customer has any HIPAA problems in the future.
The question for the group is: What is required in this
scenario a BAC, TPA or COT?
Jim Randolph
The Echo Group
-----Original Message-----
From: Traci Winter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 3:49 PM
To: WEDI SNIP Privacy Workgroup List
Subject: to sign or not to sign
OK so the next question is do we sign these BACs or just
put them in the round file. Your answers reflected what
my impression was, but I wanted reinforcement.
Thanks,
Traci Winter
---
---
The WEDI SNIP listserv to which you are subscribed is not
moderated. The discussions on this listserv therefore represent
the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors
nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be
used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or
unprofessional communication at any time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe
form at http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is
not the same as the address subscribed to the list, please use
the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views
of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive
an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not intended to
be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form
at http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants, and do
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you wish to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and services.
They also are not intended to be used as a forum for personal disagreements or
unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [email protected]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
