- Home
- Campus
- Employment Services
- Employee Handbook
Employee Handbook
- Table of Contents
- HIPAA Policies and Procedures
- Business Associates and Business Associate Agreements
14.18 Business Associates and Business Associate Agreements
14.18.1 Policy Statement
The Health Plan may disclose protected health information (PHI) to business associates, or allow business associates to create or receive protected health information (PHI), provided the business associate executives sign a written agreement to appropriately safeguard such PHI.
14.18.2 Policy Interpretation and Implementation
Definition of Business Associate |
A business associate means a person or entity who is not an employee or workforce member of the Health Plan; who performs or assists in the performance of a function or activity on behalf of the Health Plan that involves the use or disclosure of PHI; or provides legal, actuarial, accounting, consulting, data compilation, management, administrative, accreditation, or financial services. |
|
|
Definition of Employee/Workforce Member |
An employee/workforce member, for the purposes of this policy, means any employee, trainee, volunteer, or any other person(s) whose conduct, in the performance of work for the Health Plan, is under the direct control/supervision of the Health Plan, regardless of payment source. |
|
|
Identification of Business Associates |
It is the Health Plan's obligation to ensure that all of the Health Plan's business associates have a written valid business associate agreement. |
|
|
Content of Business Associate Agreements
|
The business associate agreement between the Health Plan and the business associate establishes permitted and required uses or disclosure of PHI. Pursuant to the agreement the business associate must agree to at least:
|
|
|
Record Retention |
A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both. |
|
|
Privacy Officer |
The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about your HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280. |
|
|
Violations |
Violations of this policy will be subject to discipline. |