Business Associate Agreement
Sheila M Press
Description
Collection
Title:
Business Associate Agreement
Creator:
Sheila M Press
Date:
3/5/2003
Text:
As you are aware, the compliance date for the HIPAA Privacy Rule is April
14, 2003, just a few weeks away. On Sunday, April 2, I attended a class in
Chicago that was the final one in a series of four at which high-level
personnel from DHHS gave presentations on various aspects of the privacy
regulations. The presenters included the director of the Office of Civil
Rights (charged with enforcement of the Privacy Rule) as well as members of
the attorney general’s office. There was also a complicated process by
which attendees could submit questions to this panel of experts. By
attending the final class, we had the benefit of receiving information based
upon questions that had been asked at the other three seminars. Prominent
among these subjects was the concept of “business associate” and the
relationships involving these entities. It is very important to note that
clarification by the government of the issues that are the subject of the
privacy regulations is an ON-GOING PROCESS.
One of the issues addressed directly was whether a central fabrication
facility that received personal health information was included in the
definition of “business associate.” In fact, the panel stated that an
entity that receives personal health information in order to fabricate an
item specifically for a patient is NOT a business associate but rather is
part of “treatment” as defined in the law. Therefore, it is not necessary
to obtain a business associate agreement from such an entity.
Sheila Press, Esq., MBA
Healthcare Compliance Solutions, Inc.
13653 East Aster Drive
Scottsdale, AZ 85259
Tel: 480-767-9477
Fax: 480-614-8782
E-mail: <Email Address Redacted>
Web: <URL Redacted>
14, 2003, just a few weeks away. On Sunday, April 2, I attended a class in
Chicago that was the final one in a series of four at which high-level
personnel from DHHS gave presentations on various aspects of the privacy
regulations. The presenters included the director of the Office of Civil
Rights (charged with enforcement of the Privacy Rule) as well as members of
the attorney general’s office. There was also a complicated process by
which attendees could submit questions to this panel of experts. By
attending the final class, we had the benefit of receiving information based
upon questions that had been asked at the other three seminars. Prominent
among these subjects was the concept of “business associate” and the
relationships involving these entities. It is very important to note that
clarification by the government of the issues that are the subject of the
privacy regulations is an ON-GOING PROCESS.
One of the issues addressed directly was whether a central fabrication
facility that received personal health information was included in the
definition of “business associate.” In fact, the panel stated that an
entity that receives personal health information in order to fabricate an
item specifically for a patient is NOT a business associate but rather is
part of “treatment” as defined in the law. Therefore, it is not necessary
to obtain a business associate agreement from such an entity.
Sheila Press, Esq., MBA
Healthcare Compliance Solutions, Inc.
13653 East Aster Drive
Scottsdale, AZ 85259
Tel: 480-767-9477
Fax: 480-614-8782
E-mail: <Email Address Redacted>
Web: <URL Redacted>
Citation
Sheila M Press, “Business Associate Agreement,” Digital Resource Foundation for Orthotics and Prosthetics, accessed November 24, 2024, https://library.drfop.org/items/show/220782.