Who doesn't qualify as a partner?

The following persons are not considered counterparties within the meaning of the data protection rule:

What happens if information is transmitted for processing?

Any practice or provider may disclose protected health information (PHI) to a healthcare provider for therapeutic purposes without a counterparty agreement, as long as the information is used to treat the patient and not for other, unrelated purposes. A staff member of the covered company is not a business partner, nor is someone who merely comes across patient information (such as a janitor or electrician). However, sometimes a concierge service can play the role of a BA. For example, if the service destroys sensitive paper documents or performs storage services, it is most likely a BA, because its service to your organization involves access to PHI. Therefore, you need a BAA.

Question: We have a regular weekly cleaning service that comes to our office, and their crew may observe patients in the waiting room or even accidentally see patient information on a desk or in the trash. Are they a partner?

You may not disclose PHI to counterparties unless both parties have entered into a counterparty agreement. The counterparty agreement contains a confidentiality clause that makes the counterparty responsible for the protection of the PHI. The counterparty may not use or disclose the information in a manner contrary to the data protection rule.

Answer: Always check your counterparty agreement first to decide on next steps, as its notification requirements may be shorter than HIPAA's. But also NOTE: ransomware is considered a HIPAA violation unless you can prove that this is not the case. And HIPAA requires that you notify the covered company of a violation immediately, but no later than 60 days after discovery.

HIPAA's business partners are making headlines, and not in a good way. HIPAA's worst news to date this year was the breach of 20 million patients' information caused by a business partner. If you are a covered entity, you need to know who your business partners are, and if you are a business partner, you should learn what you need to do. The cost of non-compliance can be staggering.

A collection company, the American Medical Collection Agency (AMCA), caused a breach by exposing the information of 20 million patients from Quest and LabCorp. Today, several class actions have been filed across the country and AMCA is going bankrupt. This is just the latest in a long list of HIPAA violations committed by trading partners. And while AMCA is currently in the hot seat, Quest and LabCorp may also be in trouble, depending on their contracts with AMCA, including their counterparty agreement.

According to HHS, concierge services that clean the offices or facilities of a covered company are generally not business partners.