Your Patient's Data, But Not Your Breach
Your responsibilities for reporting HIPAA violations are complex but reasonably clear when your practice is responsible for the breach. However, what if your patients' protected health information is breached, not by you, but by one of your business partners? What are your responsibilities then? That depends on whether the partner is a business associate or another “covered entity.”
A covered entity, as defined by HHS, is another healthcare provider, healthcare plan, or claims clearinghouse that must comply with HIPAA regulations on its own. Business associates, on the other hand, are businesses or individuals who have access to some of your patients’ information because of certain services they perform for you, but are not themselves covered entities. An outside billing company is an example of a business associate, and so is your attorney.
Click here for the full article from Diagnostic Imaging.