Re: HIPAA Business Associate/Identity Theft Prevention Agreement

[Steven Bourdon <sbourdon () SOUTHTEXASCOLLEGE EDU>]

Thanks to all respondents for your helpful feedback.  I found the HIPAA
compliance site at SUNY- Univ. of Buffalo
http://www.hpitp.buffalo.edu/hipaa/  and their position statement very
helpful in determining that our student clinical activities do not make
us a "business associate" under HIPAA.

 

Cheers,

 

Steve

 

 

Steven M. Bourdon

Chief Information Security Officer

South Texas College, McAllen, TX

Phone: (956) 872-2335

Fax: (956) 872-556

 

 

 

From: Chris Kidd [mailto:chris.kidd () UTAH EDU] 
Sent: Monday, February 22, 2010 3:31 PM
Subject: Re: HIPAA Business Associate/Identity Theft Prevention
Agreement

 

We ask institutions sending students on clinical rotations to sign a
clinical training agreement w/ business associate language. It's been a
routine practice since 2003. 


Chris

 

Chris Kidd

Chief Information Security and Privacy Officer

University of Utah

650 Komas Drive, Suite 102

Salt Lake City, UT 84108

Office: 801.587.9241

Cell: 801.747.9028

chris.kidd () utah edu 

 

http://www.secureit.utah.edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steven Bourdon
Sent: Monday, February 22, 2010 1:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HIPAA Business Associate/Identity Theft Prevention
Agreement

 

Hello All,

 

I just received an agreement from a local hospital requesting we sign as
a "business associate" under HIPAA and "service provider" for FTC Red
Flag Rules.   Other than a nursing program with student clinical
rotations performed at local hospitals we don't deal with protected
health information on campus.  This is a new area for me so I'm curious
if others have signed similar agreements for their health programs with
local health providers for student clinical activities.    

 

Thanks,

 

Steven M. Bourdon, CISO

South Texas College