Q: Are we in violation of HIPAA if we contract with the company that manages our clinical research database, which stores de-identified data, to host our electronic medical record?
HIPAA Weekly Advisor, April 7, 2008
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
A: No. You should consider the company a business associate.
This status requires it to implement appropriate privacy and security policies, procedures, and practices to meet minimum necessary standards.
Requiring the company to provide documentation that demonstrates the following is advisable:
Requiring the company to provide documentation regarding its audit program to reasonably ensure that it periodically reviews audit logs also is recommended. Further, if you suspect inappropriate access to data, you must consider investigating the situation.
Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Comments
0 comments on “Q: Are we in violation of HIPAA if we contract with the company that manages our clinical research database, which stores de-identified data, to host our electronic medical record? ”
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched