HIPAA - Subcontractors and suppliers

K

kreid

Involved In Discussions
Hello, any HIPAA experts out there?

I am wondering if it is the responsibility of the Covered Entity to 'sign-up' their subcontractors/suppliers as Business Associates?

What I mean by this is - if I am given Protected Health Information by a healthcare professional and we do not have a Business Associate Agreement in place (because the healthcare professional has not made me sign one), am I obliged to comply with HIPAA?
 
mihzago

mihzago

Trusted Information Resource
CAs are responsible to have a BAA with their BAs. BAs are also responsible for having BAAs with any subcontractors they use.

If you know you are a business associate, and you are one if you process PHI/ePHI on behalf of a CA, then you have to comply with HIPAA.
If the CA didn't ask you to sign BAA, I would ask them for one, or you create one and ask CA to execute.
 
You must log in or register to reply here.

Similar threads

T
Subcontractors audit
Replies
3
Views
256
ttylda
T
A
Qualification of a medical courier
Replies
2
Views
2K
yodon
Y
Q
Purchasing: Written agreement that the supplier will notify the organization of any changes to purchased product
Replies
4
Views
255
qualitynewbie
Q
Rambo
Supplier Agreements - Authority to Sign/Approve
2
Replies
11
Views
872
Randy
Randy
KiraKiwaKilowatt
AFAP principe in Supplier pFMEA
Replies
4
Views
205
yodon
Y
Top Bottom