
HIPAA experts alert business associates of covered facilities



Most HIPAA dialogue has focused on the big players: large healthcare systems, hospitals, and national health plans. But the class of businesses that have working relationships with those big players may be considered "covered entities" and thus subject to the law as well.

"The effects of HIPAA on business associates of covered entities - equipment vendors, consultants, accountants, law firms - have not been fully explored in the media," said Tracy Field, an attorney with Arnall Golden Gregory in Atlanta.

The privacy rule also applies to enterprises that use or disclose protected health information in order to perform a function or activity on behalf of a covered entity. Covered entities must therefore enter into written contracts that bind their business associates to several obligations under the privacy rule.

Clearly, firms assisting in radiographic imaging and storing the data on the tapes are considered to be business associates. Several nuances in the regulations determine whether an agreement is needed, however, said Kristen Hughes, general counsel and director of HIPAA services for SG&A Consulting.

If the relationship does not involve the use or disclosure of protected information, for example, an agreement may not be needed at all. Conversely, companies performing services on behalf of a covered entity that involve or may involve the use or disclosure of such information will likely be asked to execute a business associate agreement, Hughes said.

"Business associates should be careful about contracts they are asked to sign because there were some HIPAA modifications made in August. Some versions still floating on the Web have not been updated," Field said.

It is important to understand that HIPAA does not directly regulate third parties, according to Hughes. Only covered entities are required to adhere to HIPAA's standards. It is the covered entity that will be held accountable under HIPAA and must answer for noncompliance. Therefore, business associates need to be aware that agreements will likely be written from the provider's perspective.

In particular, many providers seek indemnification in the event of a privacy breach.

"Before signing all those contracts, be sure you have insurance coverage," Field said. "There are some business associate contracts in which the hospital may want access to all your record keeping. You may not want them to have that access, and it's not required under the business associate agreements."

© 2024 MJH Life Sciences

All rights reserved.