.st0{fill:#FFFFFF;}

Episode 2: Business Associates 

 May 21, 2015

By  David Sims

In this episode we discuss the definition of a Business Associate.  How do you find your Business Associates and what should your process for managing them include.

A 5 star review is all we ask from our listeners.
1x
Free HIPAA Training
Subscribe to the weekly email update from HMWH

I have read and agreed to your Privacy Policy

Glossary

A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations.

 

Notice of Privacy Practices (NPP) is the document CEs provide to patients when they begin treatment or coverage.  It is the document that defines the CEs Privacy, Security, and Breach Rule commitments to the patient.

 

Links

WEDI BA Decision Tree

WEDI Business Associates & HITECH Deep Dive

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

 

Notes

1. Anyone that CReMaTs PHI on behalf of a CE or another BA

Another way to think of it Produced, Received, Saved, Transferred

2. Upstream and Downstream BAs

3. BAAs and what they really mean

4. What are BAs supposed to do?

  •  Security Rule,
  •  Breach Plan,
  •  Portions of the Privacy rule.
  •  OCR – do what CEs are required to do.

5. BA Due Diligence

6. Finding them in your organization.

  •    1099s,
  •    subcontractors,
  •    software vendors.

7. Don’t go crazy making everyone a BA – Incidental exposure applies for electricians and others.

HelpMeWithHIPAA.com Is A
Collaborative Project

Created & Sponsored By: