![]() ![]() ![]() Whether or not a covered entity provides medical services, if it can share medical records, it’s considered a covered entity. Covered EntityĪ covered entity is a medical organization defined under HIPAA law ( 45 CFR § 160.103). Medical records are considered sensitive information that may only be shared under HIPAA law. Medical records are known as protected health information (PHI) or electronically protected health information (ePHI) ( 45 CFR § 160.103). HITECH Act – 42 Chapter 156 (Health Information Technology)Īfter a BAA terminates, all patient health information is required to be returned to the covered entity or destroyed by the business associate ( 45 CFR 164.504(e)(2)(ii)(J)).Privacy Rule – 45 CFR Part 160 and Part 164, Subpart A and Subpart E.If a breach occurs, a business associate has 60 days to notify and will assume the financial damages in accordance with HIPAA penalties. The main purpose of a business associate agreement is to share medical records securely between two or more parties.Īside from being required under HIPAA law ( 45 § 164.502(e)(2)), the agreement requires the business associate, not the covered entity, to assume all liability in the event of a security breach (unless negligence is found on behalf of the covered entity). In the event of an unauthorized breach, the business associate would carry all liability related to the incident. ![]() A business associate agreement (BAA) is a required HIPAA compliance document between a covered entity that agrees to share medical records with a business associate in a secure and protected manner. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |