HIPAA Business Associates Leadership Group Meeting June 28, 2001.

Privacy Rule Definitions

Business Associates

A person or organization who, on our behalf, performs or assists in the performance of:

A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, utilization review, quality assurance, billing, benefit management, and practice management…

or provides…legal, actuarial, accounting, consulting, data aggregation, accreditation, or financial services…where the provision of service involves the disclosure of individually identifiable health information…to the person or organization.

Privacy Rule Definitions

Individually Identifiable Health Information or Protected Health Information

Health information, past, present or future physical or mental health or condition, (including demographic information collected from an individual), in any form (whether oral or written), created by or received (1) that identifies the individual or (2) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

Individual Identifiers

Names

All geographic subdivisions smaller than a State…

All elements of dates (except year) for dates directly related to an individual…

Birth date, admission or discharge date

Telephone numbers

Fax numbers

Electronic mail addresses

Social security numbers

Medical record numbers

Health plan beneficiary numbers

Account numbers

Certificate/license numbers

Vehicle identifiers and serial numbers

Device identifiers and serial numbers

Web Universal Resource Locators (URLs)

Internet Protocol (IP) address numbers

Biometric identifiers

Full face photographic images and any comparable images

Any other unique identifying number, characteristic, or code

Privacy Rule Definitions

Disclosure

The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.

Exception for disclosures of PHI by one provider to another provider for treatment (includes consultation & referral) purposes.

Business Associate Examples

Institution handling billing (collection agency) - is a BA

Consulting service receiving PHI - is a BA

Offsite Medical Record storage - is a BA

Software vendors with access to patient data files to troubleshoot system errors - is a BA

Outside data aggregation services - is a BA

Hospital provides billing services to physician with staff privileges - is a BA

Business Associate Examples

Consulting service does not receive PHI - not a BA

Provider provides PHI to health plan in submitting a claim for payment - not a BA

Researcher receiving information under the Privacy regulation research provisions - not a BA

Conduit for PHI (Post Office, electronic equivalent such as phone or ISP) - not a BA

Financial institution processing transactions (credit card, lock box) - not a BA

Business Associate Examples

Medicaid or agencies that determine eligibility - not a BA

Employees, volunteers, trainees and others under direct control of covered entity regardless of whether paid - not a BA

Persons under contract who perform a substantial proportion of activities at our location who follow our P & P’s - not a BA

Two covered entities participating in an organized health care arrangement - not BA’s

Physicians with staff privileges treating a patient - not a BA