Medical Billing & Medical Coding Blog...

Medical Billing » Blog » Managing HIPAA Risk with Outside Consultants

Managing HIPAA Risk with Outside Consultants

Managing HIPAA Risk with Outside Consultants

Published by: Melissa C. - OMG, LLC. CEO on April 4, 2017

Melissa's Mentions
The rising complexity of healthcare, particularly as it relates to providers’ growing technical needs, is increasingly prompting healthcare organizations to seek the help of outside consultants. In engagements with healthcare entities, thought IT consultants try to minimize interaction with patient data, they often have access to protected health information (PHI). When working with HIPAA Covered Entities, consultants are treated as “business associates” and are required to comply with Privacy Rules designed to protect PHI.

Managing HIPAA compliance when engaging outside consultants requires that consultants enter into a Business Associate Agreement (BAA). The BAA must:

  • Describe the permitted and required uses of PHI by the business associate in the context of their role
  • Provide that the business associate will not use or further disclose the PHI, other than as permitted or required by the contract or by law
  • Require the business associate to use appropriate safeguards to prevent a use or disclosure of the PHI, other than as provided for by the contract

Continue reading this article at HITECH Answers

 

Published by: on April 4, 2017

View all Articles by:

Both comments and pings are currently closed.

Be The First To Comment!

New comments are no longer accepted on this article.

 
Category Sections
Archives
Professional Affiliations
Connect With Us
Feedback
The medical billing blog with billing and coding articles!
Medical Billing & Coding Articles!