This form will determine if your vendor is considered a HIPAA Business Associate and therefore, you will need to have them sign a HIPAA Business Associate Agreement.
- Name - Street address - Telephone number - E-mail addresses - Social Security Number - Medical record number or other health plan account numbers - Certificate or License Numbers - Device identifiers and serial numbers - Device URL’s or IP addresses
- accounting - accreditation - actuarial - administrative - application support services - consulting - data aggregation - data storage services - financial services - legal - management - physical or electronic data storage - shredding services - technology support services
- benefit management - billing - claims processing or administration - data analysis, processing, or administration - data storage services - patient safety activities - practice management - quality assurance - repricing - utilization review
- My vendor stores patient information on their servers - To provide support services, they must have administrative rights to our systems that access or store patient information - They never access patient information electronically
- Courier services, US Post office, etc also fall under the conduit exception. - Your phone company has PHI go over their lines but it isn't there for any amount of time and they have no need to see it as it goes by their systems. However, consider whether your telecom service providers or technicians ever have access to your voicemail or data transmissions. - Who maintains your copier and fax equipment? Can service technicians access data during maintenance, repairs or at the end of a lease term? - A cleaning service, for example, may never see patient information that is locked away and they are only around it when cleaning the office during normal business hours. Any work they do shouldn't put them in direct contact with patient information except by complete accident and then it wouldn't be the entire patient database. However, consider whether the physical and technical safeguards you have in place are absolutely secure if service is performed after normal business hours.
Specialized training for privacy and security officers.
May 13-16, 2025
Limited Seats – Annual Event
Early Bird Rate Ends April 13