R
Hi All,
Looking for a little HIPAA help.
We distribute our device through a dealer network, we are reimbursed by the dealer electronically, but we build our product directly for the patient. We get measurements and other information from the dealer/hospital and assemble a device per these measurements then ship to the dealer who sells to the patient.
1) My conclusion is that we are not a covered entity, we would be a business associate. Does this seem to be the right conclusion?
2) What do we need in place to satisfy HIPAA? We have begun with an information privacy and protection business statement and are writing up basic procedures which outline the protection of any information we do receive. Is there anything additional we would need?
Thanks for any and all help.
Looking for a little HIPAA help.
We distribute our device through a dealer network, we are reimbursed by the dealer electronically, but we build our product directly for the patient. We get measurements and other information from the dealer/hospital and assemble a device per these measurements then ship to the dealer who sells to the patient.
1) My conclusion is that we are not a covered entity, we would be a business associate. Does this seem to be the right conclusion?
2) What do we need in place to satisfy HIPAA? We have begun with an information privacy and protection business statement and are writing up basic procedures which outline the protection of any information we do receive. Is there anything additional we would need?
Thanks for any and all help.
.