On your unrelated matter, I, too, don't see where there is a business associate relationship between a dental insurer and the law firm, or even between the dental insurer and the law firm's "group health plan."
The U.S. Department of Health and Human Services Office of Civil Rights, the agency charged with enforcement of the HIPAA Privacy Rules, recently issued guidance that specifically addresses this point. The guidance (which can be found at http://www.hhs.gov/ocr/hipaa/privacy.html) states the following at p. 52: "Q: Is a health insurance issuer or HMO who provides health insurance or health coverage to a group health plan a business associate of the group health plan? A: A health insurance issuer or HMO does not become a business associate simply by providing health insurance or health coverage to a group health plan. The relationship between the group health plan and the health insurance issuer or HMO is defined by the Privacy Rules as an organized health care arrangement (OHCA), with respect to the individuals they jointly serve or have served. Thus, these covered entities are permitted to share protected health information that relates to the joint health care activities of the OHCA. . . . " The guidance also states, at pp. 47-48: "Q: Are covered entities that engage in joint activities under an organized health care arrangement (HCA) required to have business associate contracts with each other? A: No. Covered entities that participate in an OHCA are permitted to share protected health information for the joint health care activities of the OHCA without entering into business associate contracts with each other. . . . " I hope this is helpful. Judi Judith A. Langer, Attorney Privacy Official Cobalt Corporation The opinions expressed in this e-mail are my own and not necessarily those of Cobalt Corporation. -----Original Message----- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:24 PM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _________________________________________________________________ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org