Ask the expert: What special safeguards should we put in place when disclosing PHI to offshore computer developers for systems and application design purposes?
HIM Connection, March 13, 2007
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
A: The privacy rule requires that you have a BA agreement (BAA) with outside companies to which you will disclose PHI for business purposes. Because the regulations do not distinguish between domestic and offshore companies, you should execute a BAA with any outside vendor to which you will disclose PHI.
However, I would question the need to disclose actual patient information for systems and application design purposes. Do you really need to use actual patient data or could you make up dummy data that would do the trick?
Editor's note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, president of Brandt & Associates, Inc., a healthcare consulting firm in Bellaire, TX answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA's privacy regulations. She is also the former director of policy and research for the American Health Information Management Association.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Joint Commission Center announces handoff communication solutions
- Inside best practice: Reduce patient falls with a stoplight
- Identify modifiable risk factors to prevent patient falls
- Searched