HIPAA Business Associate Qualifying Questions
Do You Believe the Vendor Is a Business Associate?
The vendor:
- Provides a service that requires them to view patient information.
- Provides a service that requires them to store patient information. It does not matter if:
- they look at the information
- they never look at the information
- the information is in sealed packaging
- the information is encrypted
- the information is in locked cabinets or cages
- the information is protected by logins and passwords.
- Provides a product or service that may allow the installers or support technicians to access patient information (even data files, not just the individual records) or can view your screen remotely.
For example:
- Electronic Health Records
(EHR) program vendors - PACS imaging program vendors
- Drug dispensing cart vendors
- Diagnostic device vendors
- IT companies
- Online backup providers
- Cloud services
- Copier technicians (if your copiers have internal hard disk drives,)
- Staffing companies
- Lawyers that represent you in malpractice cases or collections
- Accountants that audit your books
- Shredding Companies
- Revenue Cycle Management consultants
- Outsourced Transcriptionists
- Outsourced Coders
- Outsourced therapists, consultants, etc. that may access your data
- Medical schools and nursing schools that require your patient information to evaluate their students
- Medical Records storage companies
- Utilization Reviewers
- Insurance
- Agents that sell health plans
Will They Sign a Business Associate Agreement?
Many companies that provide services that qualify them as Business Associates are not aware or deny they are Business Associates, and will not sign Business Associate Agreements. If a company meets the criteria listed above and will not sign a Business Associate Agreement, you cannot work with them, or anything they see will be a data breach.
Semel Consulting works with Covered Entities, Business Associates, and Subcontractors to properly manage HIPAA compliance.
MIKE SEMEL | www.SemelConsulting.com