HIPAA defines business associates as a person or entity that provides services to a covered entity that involves the disclosure of PHI.
What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 primarily to simplify the flow of healthcare information, and to make sure that all PHI (Personal Health Information) is kept confidential and private and is only used in the way for which it was intended. This means that medical information can only be collected, shared, stored, and used for legitimate purposes, and must be properly protected.
Who must follow HIPAA?
Business associates who work for HIPAA-covered entities must comply with HIPAA. Business associates are people who work with, or provide a service to, a covered entity and, in doing so, have access to PHI. They could be attorneys, accountants, or transcriptionist’s. HIPAA-covered entities include healthcare providers (pharmacists, doctors, hospitals, and labs), healthcare plans (HMOs and PPOs), and healthcare clearinghouses (facilities that collect and process health care data).
What is PHI?
Protected health information is any health information which is about—or can be linked to—a particular person, such as information about a diagnosis, insurance, treatment, or lab results. PHI is protected no matter how or where it is collected or stored, such as on a computer, in an email, on a patient’s chart, on a Post-it note, over the phone, or even in a voicemail. If it relates to an identifiable person’s health, it is probably PHI.
It is essential that everyone within an organization be aware of and follow HIPAA rules in their day-to-day work lives! When you have a question about HIPAA policies or practices, or what you should do in a specific situation, don’t guess. Contact your HIPAA compliance office immediately or contact me and I will be happy to answer any questions you have.
Use Common Sense to Protect PHI and Comply With HIPAA
- Disclose PHI only on a need-to-know basis. Only provide the parts of the record or elements of PHI that are necessary.
- Properly store and dispose of information.
- Always keep your mobile devices (laptops, phones, tablets) in a secure location when they are not in your possession.
- Be mindful of risks when accessing PHI remotely.
- Use antivirus software and only download files from trusted sources to protect your devices and the data they hold.
- PHI should only be sent via secure channels with end-to-end encryption, to avoid the information being intercepted or sent to the wrong person.
- Practice strong email security. Don’t click on suspicious links. Verify requests.
I hope this post was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.