Health Information Compliance Alert
TURN YOUR STORAGE VENDORS INTO BUSINESS ASSOCIATES
PDF
Question: We want to house our paper records with an offsite storage vendor. We would submit the records in batches, but want to use a numbering system rather than PHI - like patients' names or dates of service - to access the batches in the future. Do we need to ask the storage vendor to sign a business associate
agreement (BAA)?
Connecticut subscriber
Answer: "Yes, there is a strong possibility that the vendor could view PHI in the performance of their duties," says Rick Ensenbach, senior security expert for Shavlik Technologies in Roseville, MN.
Example: A damaged box could reveal information inadvertently to your storage vendor. Or what seems harmless - an inventory of the contents of the boxes or containers - could become PHI when linked with other information the vendor has on hand - such as the boxes coming from a known HIV clinic.
The Bottom Line: The vendor is handling PHI and must ensure that it remains private, Ensenbach states. A BAA will ensure that the vendor takes every precaution to ensure the information it is storing is secure.
Editor's note: Send your privacy and security rule questions to us and we'll both track down your answers and publish them in an upcoming issue.
Health Information Compliance Alert
- SECURITY:
3 PROVEN METHODS TO PUT THE BRAKES ON SECURITY BREACHES
Train staff members to deal with violations before PHI winds up in the wrong hands
A [...] - COMPLIANCE STRATEGIES:
RELY ON YOUR SANCTIONS POLICY TO MITIGATE PHI LEAKS
The sanctions you impose could determine your patients' reactions to inappropriate disclosures
Scenario: A staff member [...] - SANCTIONS TOOL:
PUT YOUR SANCTIONS SAVVY TO THE TEST
Don't wait for a violation to test your ability to effectively use your sanctions policy [...] - CONFERENCE CALENDAR CORNER
May brings more than spring flowers - check out these informative events! May 2 - [...] - PRIVACY:
EXPERT TIPS TO HELP YOU COVER YOUR BILL-COLLECTION BASES
Use our checklist to ensure your collector's compliance
The last thing you need to worry about [...] - ENFORCEMENT:
LAX SECURITY RULE POLICIES COULD COST YOU BIG
Here's the scoop on the new proposed enforcement rule
If you're basing your security rule compliance [...] - Privacy Rule Compliance Update
Now that the security rule has taken effect, are you wondering how privacy rule compliance [...] - READER QUESTIONS:
SIGN UP TO PROTECT PATIENT PRIVACY
Question: We would like patients to write down their date of birth or the last [...] - READER QUESTIONS:
TURN YOUR STORAGE VENDORS INTO BUSINESS ASSOCIATES
Question: We want to house our paper records with an offsite storage vendor. We would [...] - HEALTH INFORMATION NEWS
WARN YOUR BAs TO BEEF UP SECURITY
Your business associates' security measures must be top notch [...]