Published on June 29, 2017
This is the third blog post in a series that describes how Hushmail for Healthcare supports HIPAA compliance for your healthcare practice.
The HIPAA Privacy Rule establishes the standards that organizations need to meet to protect patient health information. It only applies to Covered Entities—health plans, health care clearinghouses and some health care providers—many of which rely on other organizations to carry out a variety of services, from accounting to providing an easy-to-use encrypted email service.
Covered entities are permitted to disclose Protected Health Information (PHI) to these organizations, known as "Business Associates", as long as they agree to certain provisions. Business associates may use the PHI shared with them only for the purposes for which they were hired and not, for instance, for their own business purposes. They must also protect the PHI and help the covered entity comply with the Privacy Rule.
To formalize the arrangement between covered entities and business associates, a contract or agreement between the two must address certain specified elements. The agreement must:
- Describe the permitted and required uses of PHI by the business associate.
- Provide that the business associate will not use or further disclose the PHI other than as permitted or required by the contract or as required by law.
- Require the business associate to use appropriate safeguards to prevent a use or disclosure of the PHI other than as provided for by the contract.
Hushmail for Healthcare comes with a Business Associate Agreement that includes all the necessary terms to provide Covered Entities with assurance that Hushmail will safeguard the PHI. It’s just another way Hushmail makes it easy for you to do business and serve clients while supporting your HIPAA compliance.
Our Hushmail for Healthcare plans come configured for HIPAA compliance right out of the box. Learn more about how our healthcare plans can help you be HIPAA compliant.