HIPAA - Subcontractors and suppliers

kreid

Involved In Discussions
#1
Hello, any HIPAA experts out there?

I am wondering if it is the responsibility of the Covered Entity to 'sign-up' their subcontractors/suppliers as Business Associates?

What I mean by this is - if I am given Protected Health Information by a healthcare professional and we do not have a Business Associate Agreement in place (because the healthcare professional has not made me sign one), am I obliged to comply with HIPAA?
 
Elsmar Forum Sponsor

mihzago

Trusted Information Resource
#2
CAs are responsible to have a BAA with their BAs. BAs are also responsible for having BAAs with any subcontractors they use.

If you know you are a business associate, and you are one if you process PHI/ePHI on behalf of a CA, then you have to comply with HIPAA.
If the CA didn't ask you to sign BAA, I would ask them for one, or you create one and ask CA to execute.
 
Thread starter Similar threads Forum Replies Date
S HIPAA-compliant monitoring software (advice needed) Hospitals, Clinics & other Health Care Providers 0
G Do HIPAA Rules Apply to a 3rd Party Logistics Shipper? Other US Medical Device Regulations 2
C How medical device manufacturers are implementing standards like GDPR and HIPAA Other ISO and International Standards and European Regulations 5
D HIPAA and GDPR applies? Medical therapy device ISO 13485:2016 - Medical Device Quality Management Systems 0
Ajit Basrur Need help to understand HIPAA requirements ISO 13485:2016 - Medical Device Quality Management Systems 17
GoSpeedRacer ISO 13485:2016 Clause 4.2.5 - Control of Records - HIPAA Requirements ISO 13485:2016 - Medical Device Quality Management Systems 11
P HIPAA Privacy - Login password or USB Access key? Other US Medical Device Regulations 3
E Collecting Patient Information and Patient Identifiers - HIPAA Other US Medical Device Regulations 2
R HIPAA (Health Insurance Portability and Accountability Act) applicability Other US Medical Device Regulations 3
J Software Outsourcing - 21 CFR Part 11 and HIPAA Compliant Applications Career and Occupation Discussions 1
C Flowing Requirement(s) down to Subcontractors Inspection, Prints (Drawings), Testing, Sampling and Related Topics 5
P Outsourced Manufacturing - Making Subcontractors comply with TL9000 TL 9000 Telecommunications Standard and QuEST 2
I List of Significant Subcontractors EU Medical Device Regulations 2
A Auditing a Medical Device Subcontractors QMS ISO 13485:2016 - Medical Device Quality Management Systems 4
T External production/subcontractors of Medical Device outside USA 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Q ISO 14001 and Control of Subcontractors - Small engineering company ISO 14001:2015 Specific Discussions 8
A Which Subcontractors or Facilities need to be listed on a Quality System Certificate? ISO 13485:2016 - Medical Device Quality Management Systems 11
T Re-Arrangement Cost, Quality Cost, Start-Up Costs, Hourly C&B and Subcontractors Manufacturing and Related Processes 6
J Supplier Quality System Development - Control by supplier over subcontractors Supplier Quality Assurance and other Supplier Issues 17
L Identifying product to subcontractors - Our identifying papers or labels "disappear" Document Control Systems, Procedures, Forms and Templates 3
F Who pays for DVP? Subcontractors or Tier 1 Supplier? APQP and PPAP 1
A Performance rating of subcontractors QS-9000 - American Automotive Manufacturers Standard 2
A Change management - process, tooling, subcontractors etc. QS-9000 - American Automotive Manufacturers Standard 1
D What exactly is needed on the subcontractor list for evaluating subcontractors QS-9000 - American Automotive Manufacturers Standard 4
D Receiving Inspection by Subcontractors? Heat Treat Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
Marc Registrar Interpretations: ISO9000 requirements for Subcontractors and Distributors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
P Managing How PPAP Requirements are Communicated in the Manufacturing Process and to Suppliers APQP and PPAP 4
B General Motors and Honda Alliance - What does this mean to suppliers? IATF 16949 - Automotive Quality Systems Standard 3
S Conflict Minerals - Tin Suppliers CMRT Miscellaneous Environmental Standards and EMS Related Discussions 2
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
P Mylar plot suppliers in accordance with D6-51991 document AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
T Reaction Plan To Drive suppliers to IATF 16949 registration IATF 16949 - Automotive Quality Systems Standard 4
I Approved Suppliers ISO/IEC 17025:2017 and used test equipment ISO 17025 related Discussions 6
C Critical Suppliers for EU medical device approvals May 2020 EU Medical Device Regulations 1
M Who should receive the bills from suppliers and vendors, account payable or procurement? Consultants and Consulting 4
P Qualifying commercial off the shelf (COTS) external suppliers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Nicole Desouza Are Shipping Companies Suppliers? Manufacturing and Related Processes 4
J Painted cut threads - ASME Pipe Suppliers Manufacturing and Related Processes 6
G ISO 9001 8.4 applied to 7.1.3 - Suppliers of infrastructure requirements - IT and Print solutions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
P IATF 16949 Clause 8.4.2.3 - Justification for non-certified suppliers IATF 16949 - Automotive Quality Systems Standard 14
J Requirements for customer directed suppliers Customer and Company Specific Requirements 5
R Supplier Controls we can place on Single-Source Suppliers ISO 13485:2016 - Medical Device Quality Management Systems 2
L Audit boundaries - Is a Registrar permitted to audit a company's QMS by visiting their suppliers? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 26
R ISO 9001 versus ISO 13485 for Suppliers to Medical Device Companies ISO 13485:2016 - Medical Device Quality Management Systems 2
R Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program) ISO 13485:2016 - Medical Device Quality Management Systems 15
P IATF 16949 - Monitoring Suppliers for Premium Freight IATF 16949 - Automotive Quality Systems Standard 12
DuncanGibbons Documentation aerospace OEMs require with purchase of parts from manufacturers/suppliers Manufacturing and Related Processes 0
K Supplier Controls for Animal Tissue Suppliers for Medical Devices Other Medical Device Regulations World-Wide 0
optomist1 Survey of Tier 1 & Tier 2 suppliers APQP and PPAP 6
P Non-Active Suppliers on CE Certificate EU Medical Device Regulations 2

Similar threads

Top Bottom