Vendor Risk Management: Business Associate Agreements: Vendor Risk Management: Business Associate Agreements
by Russ Cornwall on Fri, Dec 20, 2013 @ 09:26 AM
Healthcare organizations can give third-parties (“business associates”) access to patient data, including an independent medical transcriptionist hired by a physician, outsourced claims services, a consultant, or a CPA firm whose services require access to protected patient information.
Patients are protected by HIPPA privacy rules in the following ways:
Patients may ask to see all medial records
Patients may have health records corrected
Patients may request and receive information about how their health records are used and/or shared
Patients may decide how their information is shared for certain purposes (i.e. for marketing)
Patients may have access to information about when or where their information was shared
Patients may file a complaint if they believe their information has been misused or compromised
