HIPAA - Subcontractors and suppliers

K

kreid

Involved In Discussions
Hello, any HIPAA experts out there?

I am wondering if it is the responsibility of the Covered Entity to 'sign-up' their subcontractors/suppliers as Business Associates?

What I mean by this is - if I am given Protected Health Information by a healthcare professional and we do not have a Business Associate Agreement in place (because the healthcare professional has not made me sign one), am I obliged to comply with HIPAA?
 
mihzago

mihzago

Trusted Information Resource
CAs are responsible to have a BAA with their BAs. BAs are also responsible for having BAAs with any subcontractors they use.

If you know you are a business associate, and you are one if you process PHI/ePHI on behalf of a CA, then you have to comply with HIPAA.
If the CA didn't ask you to sign BAA, I would ask them for one, or you create one and ask CA to execute.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
L Medical device HIPAA compliance in encryption Medical Information Technology, Medical Software and Health Informatics 2
D HIPAA, HITECH and Interoperability compliance route Medical Device and FDA Regulations and Standards News 2
S HIPAA-compliant monitoring software (advice needed) Hospitals, Clinics & other Health Care Providers 1
G Do HIPAA Rules Apply to a 3rd Party Logistics Shipper? Other US Medical Device Regulations 2
C How medical device manufacturers are implementing standards like GDPR and HIPAA Other ISO and International Standards and European Regulations 5
D HIPAA and GDPR applies? Medical therapy device ISO 13485:2016 - Medical Device Quality Management Systems 0
Ajit Basrur Need help to understand HIPAA requirements ISO 13485:2016 - Medical Device Quality Management Systems 25
GoSpeedRacer ISO 13485:2016 Clause 4.2.5 - Control of Records - HIPAA Requirements ISO 13485:2016 - Medical Device Quality Management Systems 11
P HIPAA Privacy - Login password or USB Access key? Other US Medical Device Regulations 3
E Collecting Patient Information and Patient Identifiers - HIPAA Other US Medical Device Regulations 2
R HIPAA (Health Insurance Portability and Accountability Act) applicability Other US Medical Device Regulations 3
J Software Outsourcing - 21 CFR Part 11 and HIPAA Compliant Applications Career and Occupation Discussions 1
K Subcontractors Providing Services Under MDD or MDR need ISO 13485 from EU Notified Body? CE Marking (Conformité Européene) / CB Scheme 8
H Critical subcontractors & crucial suppliers EU Medical Device Regulations 5
J Do Software Subcontractors need to be ISO13485 compliant in the EU? EU Medical Device Regulations 3
C Flowing Requirement(s) down to Subcontractors Inspection, Prints (Drawings), Testing, Sampling and Related Topics 5
P Outsourced Manufacturing - Making Subcontractors comply with TL9000 TL 9000 Telecommunications Standard and QuEST 2
I List of Significant Subcontractors EU Medical Device Regulations 2
A Auditing a Medical Device Subcontractors QMS ISO 13485:2016 - Medical Device Quality Management Systems 4
T External production/subcontractors of Medical Device outside USA 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Q ISO 14001 and Control of Subcontractors - Small engineering company ISO 14001:2015 Specific Discussions 8
A Which Subcontractors or Facilities need to be listed on a Quality System Certificate? ISO 13485:2016 - Medical Device Quality Management Systems 11
T Re-Arrangement Cost, Quality Cost, Start-Up Costs, Hourly C&B and Subcontractors Manufacturing and Related Processes 6
J Supplier Quality System Development - Control by supplier over subcontractors Supplier Quality Assurance and other Supplier Issues 17
L Identifying product to subcontractors - Our identifying papers or labels "disappear" Document Control Systems, Procedures, Forms and Templates 3
F Who pays for DVP? Subcontractors or Tier 1 Supplier? APQP and PPAP 1
A Performance rating of subcontractors QS-9000 - American Automotive Manufacturers Standard 2
A Change management - process, tooling, subcontractors etc. QS-9000 - American Automotive Manufacturers Standard 1
D What exactly is needed on the subcontractor list for evaluating subcontractors QS-9000 - American Automotive Manufacturers Standard 4
D Receiving Inspection by Subcontractors? Heat Treat Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
Marc Registrar Interpretations: ISO9000 requirements for Subcontractors and Distributors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
S Why do suppliers submit bad parts // Quality Incoming Inspection Supplier Quality Assurance and other Supplier Issues 12
T Clarity on requirements for indirect suppliers per AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
J PFMEA in relation to suppliers FMEA and Control Plans 7
John Broomfield The Common Assessment Standard (prequalifying construction suppliers to bid) Misc. Quality Assurance and Business Systems Related Topics 0
GStough Suppliers Starting to Charge A Fee for Customer Audits Supplier Quality Assurance and other Supplier Issues 14
P Crucial Suppliers Listed on Regulatory Certificates EU Medical Device Regulations 3
A Establishing an initial audit schedule for Pharma Suppliers General Auditing Discussions 2
M MDSAP Medical Devices Suppliers Canada Medical Device Regulations 5
T Supplier Evaluation - *ALL* Suppliers to business? ISO 13485:2016 - Medical Device Quality Management Systems 5
S ISO 14001 Operational Planning and Control - Proving evidence of communicating environmental requirements to suppliers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M 8.4.1.1 Register of approved suppliers and requirements when they are customer-designated AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
I Clinical study suppliers (service providers) -- extent of control ISO 13485:2016 - Medical Device Quality Management Systems 4
Dazzur Sharing Suppliers Performance Data with Supplier. Supplier Quality Assurance and other Supplier Issues 6
K Process FMEA responsible For "Make to Design Parts" (Inhouse or Suppliers ?) FMEA and Control Plans 3
S Setting AQL Levels with Multiple Suppliers Supplier Quality Assurance and other Supplier Issues 3
GStough Audit Nonconformances (?) for Suppliers Not Registered to ISO and No Supplier Quality Agreement Exists General Auditing Discussions 24
I Are suppliers required to hand over process validation reports? ISO 13485:2016 - Medical Device Quality Management Systems 20
Q Approving distributors as suppliers for automotive company Supplier Quality Assurance and other Supplier Issues 1
A ISO certs from suppliers - Expiration Tracking Method Various Other Specifications, Standards, and related Requirements 14

Similar threads

Top Bottom