The answer to that question is more complicated than a simple yes or no. “It depends,” says it best. The reason lies in the law itself. The lawmakers who crafted the HIPAA legislation went to great lengths, it seems to me, to make the mandate non-prescriptive. HIPAA compliance doesn’t expressly require the use or avoidance […]
Business Associate Agreement
When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.” The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI.