HIPAA Q&A: BA contracts
HIPAA Weekly Advisor, August 9, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q. What additional language do BA contracts need to satisfy requirements of the HITECH Act, which is part of the American Recovery and Reinvestment Act?
A. BA contracts require amendments that address the following:
- New breach notification requirements as they pertain to BAs and their third-party contractors
- The responsibility of BAs that store patient or health plan member PHI electronically to provide PHI electronically to covered entities, patients, and health plan members who request electronic copies (depending on how covered entities intend to comply with this new requirement)
- statutory requirement that BAs comply with the HIPAA security rule and the privacy rule’s use and disclosure provisions
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered this question. Apgar has more than 17 years of experience in information technology and specializes in security compliance, assessments, training, and strategic planning. He is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy, and Security Forum.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched