Instead of entering into a contract, can business associates self-certify or be certified by a third party as compliant with the HIPAA Privacy Rule? Read More Instead of entering into a contract, can business associates self-certify or be certified by a third party as compliant with the HIPAA Privacy Rule?
Must a covered health care provider obtain an individual’s authorization to use or disclose protected health information to an interpreter? Read More Must a covered health care provider obtain an individual’s authorization to use or disclose protected health information to an interpreter?
When may a covered health care provider disclose protected health information, without an authorization or business associate agreement, to a medical device company representative? Read More When may a covered health care provider disclose protected health information, without an authorization or business associate agreement, to a medical device company representative?
May a covered entity share protected health information directly with another covered entity’s business associate? Read More May a covered entity share protected health information directly with another covered entity’s business associate?
Is a covered entity liable for, or required to monitor, the actions of its business associates? Read More Is a covered entity liable for, or required to monitor, the actions of its business associates?
Has the Secretary exceeded the HIPAA statutory authority by requiring “satisfactory assurances” for disclosures to business associates? Read More Has the Secretary exceeded the HIPAA statutory authority by requiring “satisfactory assurances” for disclosures to business associates?
If a CSP receives and maintains only information that has been de-identified in accordance with the HIPAA Privacy Rule, is it is a business associate? Read More If a CSP receives and maintains only information that has been de-identified in accordance with the HIPAA Privacy Rule, is it is a business associate?
Do the HIPAA Rules require CSPs that are business associates to provide documentation, or allow auditing, of their security practices by their customers who are covered entities or business associates? Read More Do the HIPAA Rules require CSPs that are business associates to provide documentation, or allow auditing, of their security practices by their customers who are covered entities or business associates?
Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States? Read More Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States?
Do the HIPAA Rules require a CSP to maintain ePHI for some period of time beyond when it has finished providing services to a covered entity or business associate? Read More Do the HIPAA Rules require a CSP to maintain ePHI for some period of time beyond when it has finished providing services to a covered entity or business associate?
