|
Fall 2013
IN THIS ISSUE
d&G Lawyer News
Visit Our Site:
101 E. Kennedy Blvd.,
Suite 2000
Tampa, FL 33602
813-229-2775
|
Q & A – HIPAA
Q: Who is a Covered Entity under HIPAA?
A: Any health plan, including a group health plan; health care clearinghouse; or health care provider who transmits health information in electronic form.
Q: Who is a Business Associate under HIPAA?
A: A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides certain services to, a Covered Entity. This now includes subcontractors of Business Associates as well as those who store and maintain Protected Health Information.
Q: What is a Business Associate’s liability under the new HIPAA changes?
A: A Business Associate is now directly liable under HIPAA. Specifically, a Business Associate is directly liable for failing to comply with all of the Security Rule provisions and certain provisions of the Privacy Rule including impermissible uses and disclosures; failure to provide breach notification to the Covered Entity; failure to provide access of Electronic PHI to the individual or Covered Entity; failure to disclose PHI to the Secretary; failure to provide an accounting of disclosures; and failure to comply with the minimum necessary principle.
Q: What is considered a breach under the new HIPAA changes?
A: Any impermissible use or disclosure of PHI is now presumed to be a breach and requires compliance with the Breach Notification requirements unless a Covered Entity or Business Associate performs a Risk Assessment that demonstrates there is a low chance that the PHI has been compromised.
|
