Microsoft HealthVault: You put your right HIPAA in . . .

Microsoft HealthVault: You put your right HIPAA in . . .

In a post today, Sean Nolan, Chief Architect of Microsoft Health Solutions and blogger at Family Health Guy explains Microsoft's position regarding whether Microsoft HealthVault is required to comply with the privacy standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The blog post, "You put your right HIPAA in . . ." provides some background on the process that Microsoft has gone through to look at the question of whether they are directly required to comply with HIPAA as a "covered entity" or whether the must enter into "business associate agreement"with other covered entities. Although they don't reach a final definitive conclusion Microsoft does state that they are now prepared to sign a business associate agreement with any covered entity who concludes that it is important as a part of their compliance and responsibility under HIPAA.

The post by also includes a link to the standard Microsoft HealthVault Business Associate Agreement.

The conclusion reached by Microsoft seems like a practical one to this health care lawyer. Anyone who deals with health information has a responsibility to assess whether or not they are a covered entity under HIPAA. They further have a responsibility to be a part of the conversation with those other person that they deal with who are covered entities as to whether a business associate agreement must be in place. However, the final decision of whether a business associate agreement is required must be made by the covered entity who is responsible for complying with the privacy provisions.

The determination of whether a particular party is a business associate under HIPAA is one that largely depends on the unique facts of the relationship that they have with a covered entity under HIPAA. There is not a blanket determination of whether someone is or is not a business associate for purposes of HIPAA compliance. The questions that must be asked to assess whether a business associate relationship exists under 160.103 and 164.502 are:
  1. Does the person/party "perform or assist" in the performance of a "function or activity" involving the use or dislcosure of individually identifiable health information" OR
  2. Does the person/party provide certain "professional services to or for the covered entity" involving the disclosure of individually identifiable health information (as these terms are futher defined under the regulations).
As stated in the post there is still unclear areas as a result of the ARRA HITECH privacy provisions that will still need to be sorted out as we move forward. However, the important issue is to continue to move forward.
at 8:57 AM
Labels: , , ,

0 comments:

Post a Comment

  • Health Care Reform Explained from B... Dan Roam at the Back of the Napkin Blog sums up the current health care reform effort in this four part health care series, Healthcare Napkins All. Great back of the...
  • Why We Need A Health Care Revolutio... Dr. Val Jones' road to revolution provides her personal perspective on the current state of our health care system and why we all need to work for change.Don't miss the...
  • The important lesson from sandcastl... As I return to West Virginia after a week spent at the beach -- this post by Jim Carrol, Futurist, Trends & Innovation Expert, caught my attention. Much of my week on...
  • A little Nick: I'm a liberal an... Law blogger posts online: Don't miss reading this post by my favorite hospital blogging CEO, Nick Jacobs over at Nick's Blog. Much of what Nick has to say strikes a chord with me and this post is...
  • Executive Order Impacts Health Care... Law blogger posts online: President Bush signed an Executive Order on August 22 requiring federal agencies to do more to inform public health care consumers about the cost and quality of health...
  • eHealthWV: West Virginia EHR Public... Law blogger posts online: As a part of West Virginia's participation in the Health Information Security and Privacy Collaborative (HISPC), West Virginia Medical Institute and its partners launch...
  • Physicians vs. Patient: Rating-Perm... Interesting post from the WSJ Health Blog on Medical Justice's new ratings-permission contracts (press release on service).This new service offered by Medical Justice...
  • Just when you thought it was safe: ... Law blogger posts online: I’ve blogged previously about just how much I hate browser toolbars and nothing much has changed in the four years that have passed. Call me nosey, but when I’m...
  • Governor Manchin Approves Cardiac C...The West Virginia Health Care Authority website indicates today that Governor Manchin approved the final revised certificate of need Cardiac Catheterization Standards.
  • A Law Actually Interview with… Litt... Next up in the interview chair is Gemma from Little Tiny Pieces. Little Tiny Pieces is an interesting name?  What it inspired it; does it have any hidden meanings?...
  • Let the voting commence!... Law blogger posts online: Yes, after two long weeks of nominations, the shortlist for the 2010 Blawggies has been decided and voting for the awards can officially begin! The polls will remain...
  • Is blogging good for your health?... Law blogger posts online: Is blogging good for your health?This Boston Globe article, Cancer blogs become part of treatment, indicates that blogging about your condition has a positive impact.The...
  • ADVANCE Magazine - Article on EHRs ... Recently I was interviewed for an article looking at the legal issues involved in the developing world of EHRs and PHRs written by Beth Walsh for ADVANCE Magazine. The...