Articles
Here Comes HIPAA! (and health care privacy litigation too!)
By Ryan D. Meade
The privacy regulations for the Health Insurance Portability & Accountability Act
("HIPAA") become a compliance obligation on April 14, 2003 for all health plans
(insurance companies, HMOs, self-insured employer group health plans, etc.), health care
clearinghouses and most health care providers (known collectively as "covered entities").
HIPAA's privacy regulations are extensive and onerous. The rules establish the first
federal privacy standard for general medical and health insurance information and regulate
not only to whom and when a covered entity may disclose health information, but also
how it may use the information inside its own organization.
The ABC's of Business Associates
By Lynn S. McGivern, L.LM., JD
It's not what it is, but rather what it does that determines whether a person
or entity is a business associate pursuant to the privacy standards under the
Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first
step in achieving HIPAA compliance with regard to business associates is to
properly identify them. The following two-prong test must be satisfied in order to
deem a relationship one that involves a business associate and therefore
requires "satisfactory assurance" in the form of a written agreement: (1) the
person or organization performs a function for or on behalf of the covered entity
or the organized health care arrangement in which the covered entity
participates; and (2) in performing the function, uses or discloses individually
identifiable health information as part of performing that function regulated by the
HIPAA privacy standards. If the individual or entity is acting independently or on
behalf of someone other than the covered entity, no business associate
relationship exists.
