December 2020
« Nov   Apr »

December 12, 2020

Medical Device Business Associate Agreement

Filed under: Uncategorized — Mark Baker @ 2:56 pm

A collection company, the American Medical Collection Agency (AMCA), caused an infringement that revealed the information of 20 million patients of Quest and LabCorp. Today, several class actions have been filed across the country and AMCA declares bankruptcy. This is just the latest in a long list of HIPAA-associated business injuries. And while THE AMCA is currently in the hot chair, Quest and LabCorp may also be in trouble depending on their contracts with AMCA, including their business agreement. Organizations such as claims processors, CPA and law firms, quality assurance advisors and pharmacy service managers are also subject to HIPAA rules when they receive or send PHI. There are many more business partners than there are covered companies in the health sector. The size and complexity of health care means that the PHI is located in many locations, locally and off-site, to and from addresses, electronically and by mail. A hospital, health plan or doctor`s office has several providers who help them provide services. The healthcare sector depends on outsourcing important activities, from billing to collections to data storage. Second, medical device companies should be proactive.

HIPAA is not particularly technically prescriptive, and integrating compliance with its laws may be easier for device development than trying to comply with HIPAA laws as a reflection. A common misunderstanding is that there are no significant HIPAA requirements for trading partners. Although this is partly the case before the final rule of the 2013 omnibus, things have definitely changed. Business partners are required to comply with many aspects of HIPAA`s privacy and security rules and must be assured of searching for and familiarizing themselves with all requirements. The most important thing is that trading partners be held accountable for violations of POS within their companies. In general, and as explained below, the data protection rule allows a health care provider (covered provider) to contact a representative of a medical device company (medical device company) in writing for its own treatment, for the purpose of paying or establishing the insured provider`s health care facility (45 CFR 164.506 (c) (1)) or for the purpose of processing or paying a medical device company that is also a service provider. (45 CFR 164.506 (c)) (2); (3)).

• • •

No Comments

No comments yet.

Comments RSSTrackBack URI

Sorry, the comment form is closed at this time.

Powered by: WordPress • Template by: Priss