|
Pathogenesys is dedicated to uphold the principles of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which establishes privacy requirements for the protection of patients' health information. These principles apply to "covered entities," a term that includes pathologists and laboratories. Although not all information will need to be protected, most patient information will be considered "protected health information" (PHI). PHI includes all individually identifiable health information, including electronic and paper records and also oral communications.
Pathogenesys will ensure the proper handling of PHI by: (1) monitoring the uses and disclosures of PHI; (2) giving certain rights to patients with respect to their PHI; and (3) establishing certain administrative policies and procedures to ensure that privacy is prioritized. Pathogenesys will also be affected by HIPAA through its business associate requirements.
The HIPAA privacy rules require that Pathogenesys enter into written agreements with their business associates. These business associate agreements ensure that a business associate will provide the same privacy protections to the covered entity's information as the covered entity would. To facilitate this association a Business Associate Agreement is provided at this link. It you wish to entry into a business association, please sign a copy of this agreement and send it to Pathogenesys LLC, 101 Theory, Suite 250, Irvine, CA 92617 or fax it to 949-258-0319. Please provide a return address and information relative to the nature of the association. This agreement is only necessary if there is an exchange of PHI. Pathogenesys will sign and return a copy to you.
By entering into this agreement, the business associate agreement will set forth the actions for which the business associate will be responsible.
•The business associate must use appropriate safeguards to prevent use or disclosure other than as provided in the contract.
•The business associate must report to the Pathogenesys any use or disclosure not provided for by the contract of which the business associate becomes aware.
•The business associate must ensure that any subcontractor or agent to whom it provides PHI agrees to the same restrictions and conditions that apply to the business associate.
•The business associate must make PHI available to a patient upon individual request as appropriate.
•The business associate must make PHI available for amendment and incorporate changes or amendments to PHI when notified to do so by the covered entity.
•The business associate must provide the covered entity with the information it needs to make an accounting of disclosures to an individual.
•The business associate must make its practices, books, and records relating to the use and disclosure of PHI available to the Department of Health and Human Services if it requests to do so for purposes of determining the covered entity's compliance with the privacy rules.
•Upon termination of the contract, the business associate must, if feasible, return or destroy all PHI it received or created on behalf of the covered entity. If such return or destruction is not feasible, the business associate must extend the protections in the contract to the information and limit further uses and disclosures to whatever purposes are creating the reason why the business associate cannot return or destroy the information.
|
