In this assignment you will analyze HIPAA guidelines for privacy and security to learn how they impact organizations that have access to Protected Healthcare Information (PHI). You will learn how to determine if an organization is a “covered entity” and if its contractors fall under the “business associate” definition; business associates and other contractors are the third parties referred to in the title of the course: Third-Party Risk Management in Healthcare. IAS professionals in healthcare must understand these definitions and be able to apply them to their organization and its contractors.
Use the course readings and any other research necessary to write a paper about which organizations must follow HIPAA guidelines for privacy and security. Include the following information in your paper:
- Define the categories “covered entities” and “business associates.”
- Differentiate between entities that are covered and not covered.
- Identify the key determinant that makes an organization a covered entity under HIPAA.
- Explain what qualifies an organization as a business associate of a covered entity under HIPAA.
- Explain how a covered entity is legally liable for third-party business associates in relation to their access to PHI.
- Describe penalties and other requirements that apply to business associates that are covered entities.
- Give an example of a penalty faced by a covered entity.
- Provide an example of an organization in each category, describing the characteristics that make the organization fit the definition.
- Cite all references in APA format.