[ Wednesday, November 05, 2003 ]
And you thought HIPAA was frustrating to you.
You're not alone. The inestimable Kristen Rosati, chair of the American Health Lawyers Association's Health Information and Technology practice group, has authored a letter
to HHS asking for clarification on the effect of the business associate rules when lawyers are the business associates. One of the big issues is when lawyers must track disclosures. But there are lots of other issues as well.
As you know, a HIPAA covered entity can disclose PHI to business associates for treatment, payment, operations, or other allowed purposes, but must have a business associate agreement in place with the BA. Lawyers are specifically identified as potential BAs. The BAA must contain certain things, like an obligation on the BA's part to allow HHS to see its internal practices, books and records related to how it holds and uses PHI, and an obligation on the BA's part to return or destroy any PHI at the end of the contract. These two items in particular concern for lawyers, and particularly for health lawyers. If a client comes to a lawyer seeking the lawyer's advice regarding a fraud investigation, the last thing the lawyer wants to do is sign a contract with the client obligating the lawyer to open his books and records to the government. Just agreeing to do that might be an ethical violation by the lawyer. A lawyer also might want to keep his legal files in case a matter gets appealed, or the client decides to sue the lawyer for legal malpractice later on. Destroying or returning the records would put the lawyer in a really difficult position.
Lawyers aren't like other vendors. They have a special relationship with their clients, different from other service providers; you never hear of somebody shooting their software vendor or billing company, do you? While it is understandable that HHS would want covered entities to make sure their BAs protect PHI, and would want to prevent lawyers from disclosing PHI that the lawyers' client can't disclose, making lawyers sign regular BAAs is problematic.
Hey, even lawyers can't figure out HIPAA. That should make you feel better if you're having trouble with it.
Jeff [10:10 AM]
Blogger: HIPAA Blog - Edit your Template