Associates Financial Life Insurance Company – How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation (2014) Chapter: IV. Application of HIPAA to existing breweries
Unfortunately, this book cannot be printed from OpenBook. If you want to print the pages of this book, we recommend that you download it as a PDF.
Associates Financial Life Insurance Company
Visit /10766 to learn more about this book, buy it in print or download it as a free PDF.
Don’t Be Shy When Interviewing Financial Advisors
Suggested Citation: “IV. HIPAA Request to Industry by Annex Penner.” National Institute of Science, Engineering and Medicine. 2014.
Below is an unedited machine-readable text from this chapter, intended to provide a great resource to our search engines and external engines, a paragraph representing each book’s searchable chapter. Due to inaccuracies, please consider the following text as a useful but insufficient representation of an authoritative bibliography.
8 [E]mployees often maintain large amounts of health information, but typically employers are not covered entities. Other groups such as advertising companies, life insurance companies, data mining companies, financial institutions, healthcare facilities, hospitals, nursing homes and social networking sites are not covered by this privacy policy. Courts have repeatedly emphasized the position that the scope of entities under HIPAA is limited to health plans, health care facilities, and health care providers. Therefore, governments and their agencies (such as law enforcement agencies) that do not qualify as covered entities are not covered by HIPAA even if they receive PHI from a covered entity such as a hospital.43 IV. Application of HIPAA ES to Business Entities A. Definition of Business Associate A business associate is one who performs activities, functions, or services on behalf of a covered entity that involves the use or disclosure of the PHI discussed. In section IV.B of this summary. 44 First, if the covered entity is cooperating with the business, has failed to fulfill its obligations, the registration of the business entity or the state system, where joint activities are allowed by law. id. (citing 45 C.F.R. § 164.502(e)). See also MASSLEGAL SERVICES, HIPAA and the Social Security Administration, available at http://www.masslegal services.org/content/hipaa-and-social-security-administration: When health information is protected by the HIPAA Privacy Act in a non-covered For agencies like [and the Social Security Administration], the HIPAA privacy policy prohibits the use of disclosed information. The bottom line is that the release form currently used by clients does not need to deal with the SSA and DDS because of HIPAA. 42 Martha Tucker Ayers, Privacy and Marketing of Health Information in Arkansas, 64 Ark. LRV. 969, 978 (2011) (footnotes omitted), hereinafter cited as âAyres.â 43 United States v. Prentice, 683 F. Supp. 2d 991, 1001 (D. Minn. 2010) (law enforcement agency is not an insured entity subject to HIPAA restrictions on use or access to PHI); United States v. Elliott, 676 F. Supp.2d 431, 440 (D. Md. 2009) (law enforcement exempt entities covered by HIPAA); United States v. Mathis, 377 F.Supp. 2d 640, 645 (M.D. Tenn. 2005) (FBI not within meaning of HIPAA covered entities); Beard v. City of Chicago, 2005 US DIST. LEXIS 374, at *2 (N.D. Ill. 2005) (city fire department not covered by HIPAA). 44 78 Fed. Reg. 5598. Liability is limited to breach of contract claims by the insured entity pursuant to a business contract between them. Under the applicable provisions of HIPAA.46 As defined in § 160.103, a business associate of a covered entity is a person (a term that includes a partnership, corporation, professional organization or business, or other public or private entity ) 47 that: (i) maintains, receives, stores, or transmits protected health information on behalf of an entity carrying out an activity or activity regulated by this subchapter, including claims processing or Administration, data analysis, processing, or administration. , utilization review, quality assurance, patient safety activities listed in 42 CFR 3.20, billing, benefits management, practice management, and reimbursement; or (ii) provides “financial, actuarial, accounting, consulting, data collection, management, control, authority or financial services to or from such covered entity” where the provision of the service includes – protected health from such entity or management Withholding information from, or other such business entity or management of, that person. 48 HHS has provided examples of individuals or entities that may be business associates of affected entities: ¢ A third-party administrator that assists in the processing of health plan claims. A CPA firm whose reporting services for healthcare providers include access to secure health information. ¢ An attorney includes health plan legal services as well as access to protected health information. ¢ A consultant will evaluate the utilization of a hospital. ¢ A healthcare facility that converts the claim from a non-standard format into a standard transaction on behalf of the healthcare provider and processes the transaction to the payer. • Independent medical transcriptionist provides transcription services. 45 Jolly & Chewning, supra note 28, at 22–23. 46 See 42 U.S.C. § 17931(a) (2013) (application of business associate exemption and penalties for covered entities) and 42 U.S.C. § 17934 (restrictions on solicitation of private benefits and business associates of hidden entities) (2013). see also Spencer, supra note 22, at *2 47 45 C.F.R. § 160.103 (2013) (definition of person). 48 42 C.F.R. § 160.103 (2013).
9¢ A director of pharmacy benefits who manages a health plan’s pharmacy network. Who needs access to PHI to perform certain tasks or activities on behalf of the covered entity 51 Any person or entity – public or private[] performing those activities or activities or services. A business associate within the meaning of the HIPAA regulations, whether or not that person has other professional duties or related rights or responsibilities. HHS explains that a business associate is generally an agent of a covered entity if the business agreement provides “the authority to control the performance of the service provided by the covered entity business. 53 As stated by HHS on Jan. Its final rule issued in 2013 explained: “A person becomes a business associate by definition, not by contract with a cover. entity or otherwise (emphasis added). 54 – Liability for unauthorized use and disclosure immediately added when a person creates, receives, stores or transfers PHI on behalf of a firm or business meeting the definition of partner and otherwise business associate (emphasis) ).⢠Liability does not depend on the PHI category because â…may not include diagnostic-specific information. Some transit agencies, including Fox Transit Agencies, contract with asylum agencies to transfer individuals to asylum facilities. It appears that transit agencies receive health information from clients, but health information may be Origination may be from covered entities or business associates of covered entities. For example, as discussed in Section 49 of the U.S. Department of Health and Human Services, Business Associates, available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/ coveridentities/businessassociates.html. 50 78 Fed. Reg. 5571. 51 ID. at 5571 and 5598. 52 Id. at 5598. 53 Id. in 5581; 45 C.F.R. § 160.402 (2013). 54 78 Fed. Reg. 5598. 55 ID. IX.C A transportation agency may act as a provider of a system of coordinated transportation services. Sections IX.C and IX.D of this summary address the issue of whether transit agencies meet the definition of a business subject to HIPAA. Although it does not appear that travel agencies meet HIPAA’s definition of a business associate, some travel agencies have entered into agreements that state that they will comply with HIPAA. Regardless of whether HIPAA applies to transit agencies because of a provision in their contracts, a covered entity (or its business associate) may share PHI with a transit agency only if a patient or client By consenting to the release of your health information – or when disclosure is required by law. 56 As discussed in subsection B below, a covered entity’s (or business associate’s) permitted use and disclosure of PHI does not include disclosure to a travel or transportation agency. B. Use and Disclosure of PHI by Business Associates Although the HIPAA regulations permit a business associate to create, receive, store, or transmit PHI on behalf of the entity covered by the PHI, the HIPAA regulations at 45 C.F.R. § 160.103 are clear that activities performed by the business associate must be regulated by this subchapter, such as processing or payment on behalf of the covered entity. definition of