Psychologist Business Associate Agreement

by Jill & Cathy on April 11, 2021

HIPAA defines the people we hire as “business associates” for processing customers` personal information – for example. B billing services, online data backup services, etc. HIPAA explains in the administrative simplification that we can work with such services if we … obtain satisfactory assurances that the consideration will adequately protect [the customer`s personal identifying information].] This “satisfactory assurance” is required by law to have the form of a contract called the Business Associate Agreement, short for “BAA.” (Federal authorities can obtain insurance through other means, but the rest of us don`t have that luxury.) At Person-Centered Tech, for example, we are often asked if cleaning services are business partners. They have the potential to contact customer information and can even manage resources containing records (z.B. moving filing cabinets to clean up behind and among them). The cleaning team`s possible contact with information is called “accidental or accidental.” For this reason, they are not HIPAA Business Associate. After analysing the risks, you may find that some kind of confidentiality agreement with the service is required. But it is a very different animal from a business associate agreement.

Psychologists who share offices? Not usually until psychologists share PHI and take appropriate precautions to protect themselves from accidental revelations of PHI against other office colleagues. In an office-sharing situation, providers who share the space often have access to the PHI of patients from another provider. A provider can, for example. B, hear the name of a patient called from the waiting room or see the name on a patient registration form. This information would be considered “random data” – secondary information that results from authorized disclosure, is limited and cannot reasonably be avoided. These incidental allegations are allowed, but only if: (1) the agency in question has appropriate safeguards for the privacy of individual patients; and (2) the covered unit implemented the minimum standard required.

Previous post:

Next post: