• Government
• Profession
• Business
• Opinion
• Health

• Health reform
• H1N1
• P4P
• EMRs
• Medicare
• Liability
• AMA House
• » More

• Book Excerpt
• Business Pitch
• Meetings
• » More

• Contract Language
• Ethics Forum
• In the Courts
• Practice Management
• Technically Speaking
• » More

• Bby date
• Regions
• Health plans
• Sections
• News briefs
• Columns
• Editorials
• Letters
• Writers
• Other years

• Search tips
• E-mail alert
• Radio
• RSS
• Mobile
• Subscribe
• Institutions
• Staff directory
• Advertising
• Permissions
• Reprints
• News media
• Site guide
• Useful links
• About
• Premium
• Contact

Getting contracts ready for patient privacy

Business associates must adhere to privacy rules, too.

By Joel B. Finkelstein, amednews staff. March 17, 2003.

• PRINT|
• E-MAIL|
• RESPOND|
• REPRINTS|
• SHARE

HIPAA Minute
A series of brief explanations to help physicians prepare for the medical privacy rule, effective April 14, 2003.

Your practice might be ready for the patient privacy rules, but are your business associates up to snuff?

The Health Insurance Portability and Accountability Act regulations require physicians to devise or revise contracts with their business associates to comply with new protections for patient health information. The goal is to make sure that businesses that are not directly covered by the privacy rule still follow its standards.

Doctors will need to sign or revise contracts with accounting firms, health care clearinghouses, medical transcriptionists or any other contractor that has access to personally identifiable patient information but is not directly involved in treating the patient. This also may include accreditation organizations if they require the sharing of patient information that has not been stripped of individual identifiers.

On the other hand, contracts are unnecessary for dealings with other doctors, hospitals or laboratories. Business associate contracts also are not needed for office staff or contractors, such as janitors or, in many cases, computer and software consultants, who would have only incidental access to patient information.

Physicians usually don't need a contract to give patient information to health care researchers, as long as patients have authorized the sharing.