[ Saturday, January 19, 2013 ]


Nugget No. 4: If you are a hybrid entity, you can segregate your covered-entity-like functions from the rest of your operations, and only the CE-like part of your operations must comply with HIPAA.  However, if another part of your organization provides business-associate-like functions for the CE-like part, you used to be able to keep that part separate.  Not anymore: since an entity can't have a BAA with itself (why not, he asked), the BA-like parts of the entity must be included in the CE-like part.  Actually that kinda makes sense, although you certainly could cure it with an internal BAA.  So, if you're a hybrid entity, make sure any part of the organziation that touches PHI is included in the CE-like part.

Jeff [10:54 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template