The following are responses to questions that came up during the ScanSTAT Technologies seminar “HIPAA Compliance: The Stakes are Getting Higher” seminar at the e-MD’s User Conference 2010. If you have additional questions, please feel free to contact us.

1. Do drug reps have to sign a BAA or is an NDA sufficient? (I know some folks in the class said no to the BAA, but should we check to be sure?

Drug reps are not acting on behalf of the provider, therefore they do not meet the definition of business associate.  If the practice is concerned about incidental disclosures, then a non-disclosure agreement would be appropriate.

2. Are you required to check HHS.gov or register a compliance officer who is? How are you required to get the rules changes and information?
Every covered entity is required to have a HIPAA compliance officer.  The compliance officer is responsible for ensuring that the practice complies with the then-current regulations.  As a result, it is a good idea for the compliance officer to monitor the office of civil rights website (www.hhs.gov/ocr) to stay aware of changes.  It doesn’t matter how you get the rules, as long as you are sure they are from a reliable source and you are following them.

This post is intended for informational purposes only and should not be considered legal advice.  Any questions regarding this information should be addressed to your attorney.

Share This