70 likes | 231 Views
Organizational ID Vendor Audit. Important NEW Business Associate Definition. Business Associate Disclosing of Patient Information: Will a third-party outside of the University be accessing, using, disclosing PHI have indirect exposure to PHI, either physically or electronically?
E N D
Important NEW Business Associate Definition • Business Associate • Disclosing of Patient Information: Will a third-party outside of the University • be accessing, • using, • disclosing PHI • have indirect exposure to PHI, either physically or electronically? • Indirect exposure can come in the form of physical transportation, transport across a network, or having the ability to access PHI even if it is not expressly part of the service being provided (i.e. custodial services, IT resource maintenance)?”
So Why is this Important? • All Principle Investigators or their designee will need to complete a Vendor Information Assessment Report, within the next 3 months. • Identify the relationship with the Vendor • Based on the definition is PHI being shared • You can assist your manager by passing this information on to them • Always ask yourself is PHI being shared with a Vendor, and do they have a HITECH BAA with us.
How Do I Find Out Who Has a HITECH BAA • Go to the Privacy Web Page: • http://www.privacy.utah.edu • Select Privacy and Security Internet • Select Business Associates • Then Click on the “List of entities that the UUHS has a Business Associate Agreement with • This list changes quite often and must be checked before you do business with a vendor where PHI is being shared according to the above definition.
Questions? • What can I do to help? Pass the information on to your manager. • Where is PHI being shared? It is not always the new Vendor, but the long time one that we are sharing PHI with and don’t realize it. • Do we have a HITECH BAA with this Vendor? Just because you have always done business with the Vendor, does not mean there is a HITECH BAA in place. Make sure by visiting our web page.