Health Information Management

Ask the expert: What special safeguards should we put in place when disclosing PHI to offshore computer developers for systems and application design purposes?

HIM-HIPAA Insider, March 13, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

A: The privacy rule requires that you have a BA agreement (BAA) with outside companies to which you will disclose PHI for business purposes. Because the regulations do not distinguish between domestic and offshore companies, you should execute a BAA with any outside vendor to which you will disclose PHI.

However, I would question the need to disclose actual patient information for systems and application design purposes. Do you really need to use actual patient data or could you make up dummy data that would do the trick?

Editor's note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, president of Brandt & Associates, Inc., a healthcare consulting firm in Bellaire, TX answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA's privacy regulations. She is also the former director of policy and research for the American Health Information Management Association.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular