In this episode we discuss the definition of a Business Associate. How do you find your Business Associates and what should your process for managing them include.

Glossary

A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations.

Notice of Privacy Practices (NPP) is the document CEs provide to patients when they begin treatment or coverage. It is the document that defines the CEs Privacy, Security, and Breach Rule commitments to the patient.

Links

WEDI BA Decision Tree

WEDI Business Associates & HITECH Deep Dive

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

1. Anyone that CReMaTs PHI on behalf of a CE or another BA

Another way to think of it Produced, Received, Saved, Transferred

2. Upstream and Downstream BAs

3. BAAs and what they really mean

4. What are BAs supposed to do?

• Security Rule,
• Breach Plan,
• Portions of the Privacy rule.
• OCR - do what CEs are required to do.

5. BA Due Diligence

6. Finding them in your organization.

• 1099s,
• subcontractors,
• software vendors.

7. Don't go crazy making everyone a BA - Incidental exposure applies for electricians and others.