Question: I woke up in a panic last night: I’ve been sending bills with protected health information (PHI) in the mail, and I don’t know whether I need a business associate (BA) agreement with the United States Postal Service (USPS). Do I need to arrange a BA since they’re technically handling PHI?

Answer: The U.S. Department of Health and Human Services (HHS) says that covered entities (CEs) do not need to enter into business associate agreements (BAAs) or contracts with couriers or other “conduits,” a category that HHS says also includes electronic equivalents.

“A conduit transports information but does not access it other than on a random or infrequent basis as necessary for the performance of the transportation service or as required by law. Since no disclosure is intended by the covered entity, and the probability of exposure of any particular protected health information to a conduit is very small, a conduit is not a business associate of the covered entity,” HHS says in a Frequently Asked Question on its website.

