Protected Health Information (PHI) Data Flow Worksheet
One Approach for Data and Process Mapping
When the final Omnibus Rule was announced in January 2013, it significantly expanded the accountability and liability of business associates under HIPAA. But many organizations that provide services to healthcare covered entities don’t even know if they are a business associate (BA). The final rule revised the definition of a BA and identifies them as follows:
A “business associate” is generally a person or entity that creates, receives, maintains, or transmits protected health information (PHI) in fulfilling certain functions or activities for a HIPAA-covered entity. Health information that is created or received by a covered entity, identifies an individual, and relates to that individual’s physical or mental health condition, treatment, or payment for health care is considered PHI when it is transmitted by or maintained in any form of medium, including electronic media.
This white paper requires registration. Please fill out the form to the right to instantly receive access.