
FUNCTION

Policy & Procedure

NUMBER

PRIOR ISSUE
HIPAA/PRIVACY

BUSINESS ASSOCIATES

EFFECTIVE DATE

BUSINESS ASSOCIATE CHECKLIST

| Contract Provision / Reg. Cite | Requirement | Related Provisions, Comments |
|---|---|---|
| 164.504(e)(2)(i) | Establish permitted and required uses and disclosures of PHI by BA | Final rule must generally state purposes, reasons for use/disclosure and types of persons to whom info can be disclosed |
| 164.504(e)(2)(i) | May not authorize BA to use or further disclose info in a manner that would violate requirements of subpart if done by CE except: | Must include minimum necessary language, either within this clause, or as a separate clause. BA shall use/disclose PHI only in the minimum amount and to the minimum number of individuals necessary to achieve the purpose of the services being rendered to or on behalf of CE. |
| 164.504(e)(2)(i)(A) | May permit BA to use or disclose PHI for proper management & administration of BA as permitted by (e)(4) | |
| 164.504(e)(4)(i)(A) and (B) | May permit BA to use PHI in its capacity as a BA if necessary for the proper management & administration of BA or to carry out the legal responsibilities of BA. | |
| 164.504(e)(4)(ii) | May permit BA to disclose PHI in its capacity as a BA for same purposes, but only if disclosure is | |
| 164.504(e)(4)(ii)(A) | Required by law or | |
| 164.504(e)(4)(ii)(B)(1) | BA obtains reasonable assurances from person to whom info is disclosed that info will be held confidentially and used or further disclosed only as required by law or for purpose for which it was disclosed to the person AND | |
| 164.504(e)(4)(ii)(B)(2) | The person to whom the information was disclosed notifies BA of any instance of which it is aware in which the confidentiality of the information has been breached. | |
| 164.504(e)(2)(i)(B) | BA may provide data aggregation services relating to the health care operations of the covered entity. | |
| 164.504(e)(2)(ii)(A) | BA will not use or further disclose the information other than as permitted or required by the contract or as required by law. | |
| 164.504(e)(2)(ii)(B) | BA will use appropriate safeguards to prevent use or disclosure of the information other than as provided for by its contract. | |
| 164.504(e)(2)(ii)(C) | BA will report to the CE any use or disclosure of the information not provided for by its contract of which it becomes aware. | Negotiate time and manner of reporting with BA in writing, to whom, timeframe, etc. |
| 164.504(e)(2)(ii)D | BA will ensure that any agents, including a subcontractor, to whom it provides PHI received from, or created or received by the BA on behalf of, the CE agrees to the same restrictions and conditions that apply to the BA with respect to such information. | May want BA to list subcontractors and agents in exhibit. |
| 164.504(e)(2)(ii)E | Access: BA will make available PHI in accordance with 164.524. | Not necessary if BA does not have PHI in a designated record set. |
| 164.504(e)(2)(ii)F | Amendment: BA will make available PHI for amendment and incorporate any amendments to PHI in accordance with 164.526. | Not necessary if BA does not have PHI in a designated record set. |
| 164.504(e)(2)(ii)G | Accounting: BA will document disclosures of PHI as would be required for CE to respond to a request for an accounting. | |
| 164.504(e)(2)(ii)G | Accounting: BA will make available PHI to provide an accounting of disclosures in accordance with 164.528. | |
| 164.504(e)(2)(ii)H | BA will make internal practices, etc. available to the Secretary. | |
| 164.504(e)(2)(ii)I | Termination: BA will if feasible return or destroy all PHI received from, or created or received by the BA on behalf of the CE. BA will retain no copies of such information. If return or destruction of such information is not feasible, BA will extend the protections of the K to the information and limit further uses and disclosures to those purposes that make the return or the destruction of the information infeasible. | |
| 164.504(e)(2)(iii) | Authorize termination by CE if CE determines that the BA has violated a material term of the contract. | |
| Not required by Privacy Rule | MITIGATION | Not required by law, but included in sample language in August final rule. |
| Not required by Privacy Rule | INSURANCE | If main contract has insurance clause, may not be necessary in addendum. |
| Not required by Privacy Rule | Inspection: Allow CE to inspect BA's systems, books, records if CE becomes aware of a breach | CE is not required to monitor BA's activities for Privacy Rule purposes. |
| Not required by Privacy Rule | INDEMNIFICATION | If main contract has indemnification clause, may not be necessary in addendum. |
| Not required by Privacy Rule | Interpretation/ambiguity: broadly as necessary to implement and comply with the Privacy Rule and applicable state laws. Any ambiguity shall be resolved in favor of a meaning that complies and is consistent with the Privacy Rule. | |
| Not required by Privacy Rule | Amendment to comply with law: Modification of K to be in compliance with Privacy Rule | |
| Not required by Privacy Rule | Assistance in litigation or administrative proceedings | If main contract has this type of clause, may not be necessary in addendum. |
| Not required by Privacy Rule | Conflict with contract: addendum controls as it relates to PHI | |
