Re: HIPAA Business Associate/Identity Theft Prevention Agreement

[Chris Kidd <chris.kidd () UTAH EDU>]

We ask institutions sending students on clinical rotations to sign a clinical training agreement w/ business associate 
language. It's been a routine practice since 2003.

Chris

Chris Kidd
Chief Information Security and Privacy Officer
University of Utah
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steven 
Bourdon
Sent: Monday, February 22, 2010 1:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HIPAA Business Associate/Identity Theft Prevention Agreement

Hello All,

I just received an agreement from a local hospital requesting we sign as a "business associate" under HIPAA and 
"service provider" for FTC Red Flag Rules.   Other than a nursing program with student clinical rotations performed at 
local hospitals we don't deal with protected health information on campus.  This is a new area for me so I'm curious if 
others have signed similar agreements for their health programs with local health providers for student clinical 
activities.

Thanks,

Steven M. Bourdon, CISO
South Texas College