Published by Berenice Barber. Modified over 9 years ago.
1
HIPAA Privacy
Business Associates 101
Jennifer Wolfe Jerram, B.S.N., J.D.
Stinson, Mag & Fizzell, A Professional Corporation
email: jjerram@stinson.com
www.stinson.com
(402) 342-1700
2
Where to look in the regulations:
Business Associate - Defined
§ 160.103: Federal Register, p. 82798
Preamble – pp. 82475-76
Comments – p. 82567
3
Where to look in the regulations:
Business Associate - Disclosure Standard
§ 164.502(e): Federal Register, p. 82806
Preamble – p. 82499
Comments – pp. 82640-45
4
Where to look in the regulations:
Business Associate - Contract Requirements
§ 164.504(e): Federal Register, pp. 82808-09
Preamble – pp. 82503-07
Comments – pp. 82640-45
5
Who is a Business Associate?
A party who will be governed indirectly by portions of the HIPAA privacy regulations by virtue of his/her/its contractual obligations to covered entities.
6
Who are your Business Associates?
2 separate groups under the regulations
7
Who are your Business Associates?
1st Group: Relationship with Covered Entity
A person or entity who performs or assists in the performance of a function or activity involving the use or disclosure of PHI on behalf of the Covered Entity.
8
Who are your Business Associates?
Examples include:
Claims processing
Data analysis
UR
QA
Billing
Others
9
Who are your Business Associates?
2nd Group: Listed Functions
A person or entity who provides certain identified services to the Covered Entity, where the provision of services involves disclosure of PHI.
10
Who are your Business Associates?
Services Identified in Privacy Regulations
legal
actuarial
accounting
consulting
data aggregation
management
administrative
accreditation
financial services
end of list - no others
11
Business Associates
Members of your workforce are not your Business Associates
Covered Entities can be Business Associates of other Covered Entities
12
Business Associates
What’s in a Name?
Business Partner – proposed privacy regulations
Trading Partner – code sets and transactions
Chain of Trust Agreements – proposed security standards
13
How to Identify your Business Associates:
Education
Survey tools
Inventory existing contracts
14
How to Identify your Business Associates (cont’d):
Who has authority to execute contracts? (don’t forget satellite locations, affiliated entities)
Where are existing contracts kept?
How many oral contracts are “out there?”
Are you the Covered Entity or the Business Associate?
15
Always ask this question:
Is the use/disclosure of PHI really necessary?
16
Now, let’s complicate things:
Is the use/disclosure of PHI necessary for the B/A to carry out its own function, or is the B/A carrying out a function on behalf of the C/E?
17
Disclosures to Business Associates
Disclosure to a B/A is an exception to the general rule under HIPAA: no use/disclosure unless there’s an exception in the regulations.
18
Disclosures to Business Associates
A C/E may disclose PHI to a B/A and may allow a B/A to create or receive PHI on its behalf, if the C/E obtains satisfactory assurance that the B/A will appropriately safeguard the PHI.
19
“SATISFACTORY ASSURANCE”
20
Disclosures to Business Associates
“Satisfactory Assurance” requires a written contract or other written agreement or arrangement with the B/A that meets the requirements of § 164.504(e).
21
Requirements under § 164.504(e)
Establish the B/A’s permitted/required uses and disclosures of PHI
Contract may not authorize the B/A to use/further disclose PHI in a manner that would violate the regulations if done by the C/E
Has the C/E agreed to any restrictions on its own uses/disclosures?
22
§ 164.504(e)
B/A Contract must provide that the B/A will:
Not use/further disclose PHI other than as permitted/required by the contract or as required by law;
Use “appropriate safeguards” to prevent use/disclosure of PHI other than as provided for by its contract.
23
§ 164.504(e)
B/A Contract must provide that the B/A will: (cont’d)
Report to the C/E any use/disclosure of PHI not provided for by its contract;
Ensure that any agents, including subcontractors, agree to the same restrictions;
24
§ 164.504(e)
B/A Contract must provide that the B/A will: (cont’d)
Make PHI available in accordance with § 164.524 (access to individuals);
Make PHI available for amendment and incorporate any amendments in accordance with § 164.526;
25
§ 164.504(e)
B/A Contract must provide that the B/A will: (cont’d)
Make available the information required for the C/E to provide an accounting of disclosures pursuant to § 164.528;
Make its internal practices, books and records relating to use/disclosure of PHI available to the HHS Secretary;
26
§ 164.504(e)
B/A Contract must provide that the B/A will: (cont’d)
Return or destroy all PHI upon termination of the contract – if not feasible to return/destroy, then the contractual protections must be extended to limit any further uses/disclosures;
27
§ 164.504(e)
B/A Contract must provide that the B/A will: (cont’d)
Authorize termination of the contract by the C/E if the C/E determines that the B/A has violated a material term of the contract; and
28
B/A Contract should also provide that the B/A will: (cont’d)
Retain records for 6 years (enables the C/E to comply with its own duties under Individual Rights)
29
A Welcome Change from the Proposed Regulations
Intended Third Party Beneficiary clause is NOT required under final privacy regulations
30
Business Associate contracts MAY permit:
The B/A to use/disclose PHI for the proper management and administration of the B/A or to carry out the legal responsibilities of the B/A.
31
Business Associate contracts
If you are the B/A, you might want to include this permissible provision.
32
Covered Entity’s Compliance
C/E is NOT in compliance with § 164.502(e) if:
C/E knew of a pattern of activity or practice of the B/A that constituted a breach – unless C/E took “reasonable steps” to cure the breach.
33
Covered Entity’s Compliance
If C/E’s “reasonable steps” were unsuccessful, C/E must:
Terminate the contract; or
If termination is not feasible, report the problem to the HHS Secretary.
34
Covered Entity’s Compliance
What does this mean?
C/E must have knowledge of the breach
C/E is liable if it fails to respond (cure, terminate and/or report)
35
Steps to Compliance
Identify potential B/A situations.
– Are you the C/E?
– Are you the B/A?
– Is PHI really necessary?
36
Steps to Compliance
Is a B/A contract required?
– Is there already a contract in place?
– When/how does it terminate?
– What is required to amend it?
37
Steps to Compliance
Privacy Addendum
Whole new agreement
Placeholder language
Individualize B/A requirements as needed
38
Steps to Compliance
Coordinate with Security/Code Sets Compliance Efforts
39
Steps to Compliance
JOIN THE NE-SNIP PRIVACY WORK GROUP!