AMR has been providing customers with the highest levels of privacy and security for patients' confidential health information since 1994. We respect the privacy of every individual who visits this site. We believe in a policy that permits you to determine how we use your information. We have safeguards and security measures in place to protect from loss, misuse and alteration of the information you provide to us.
AMR collects no personally identifying information except when you specifically and knowingly provide it. Examples of when you voluntarily submit this kind of information include when you fill out the customer contact information located under our "contact us" menu selection.
HIPAA and the New Privacy Law
The Health Insurance Portability and Accountability Act (HIPAA) is legislation that was passed in 1996. The focus of most of the time and effort related to HIPAA is on the Administrative Simplification provisions (Title II, Sub Title F) of HIPAA. This portion of the statute gave the authority to the United States Health & Human Services Department to define regulations related to transactions and code sets, identifiers, privacy and security. This legislation will accomplish many things, but none greater than enhanced accountability related to the privacy of an individual's medical records and other personal health information.
The privacy standards of HIPAA create a national framework for health privacy protection to enhance the protection of patient medical and health information. The privacy standards change the manner in which almost all health care providers and others handle the use and disclosure of health information. However, the Privacy Rule applies only to health plans, health care clearinghouses and certain health care providers, otherwise known as "covered entities" under HIPAA. In today's complicated health care delivery system, most health care providers rely on contractors and other "business associates" to assist them in providing quality care to their patients.
AMR is one of these business associates, assisting caregivers by providing a cost effective, efficient solution to their medical records copying needs.
What is a Business Associate?
A business associate is a person or entity who provides certain functions, activities or services for or to a covered entity, involving the use and/or disclosure of protected health information.
The business associate provisions of HIPAA were adopted out of concern that covered entities routinely disclose protected health information to a wide range of third parties. Because the privacy law only applies to covered entities, the business associate rule places restriction on third parties who perform certain functions on behalf of a covered entity and receive protected health information. Without restrictions on these disclosures, the protections intended by HIPAA would not cover a significant amount of protected health information that is disclosed to business associates.
Under HIPAA, the privacy law requires covered entities to have written agreements and satisfactory assurances that the information they disclose to their business associates will remain confidential, only to be used for the intended purpose, safeguard the information from misuses, and will assist the covered entity with complying with their responsibilities under the privacy rule. This information must only be provided to a business associate to help the covered entity carry out their health care function, not for independent use by the business associate.
A Business Associate Agreement requires that AMR:
Use the information disclosed only for the permitted purpose
Prevent the disclosure of all protected health information to anyone not authorized to receive it
Report any use or disclosure of information not provided for by the agreement
Use appropriate safeguards to prevent the use or disclosure of information other than as provided by the agreement
Ensure that subcontractors or agents to whom protected health information is provided agree to the same restrictions and conditions
Make protected health information available to the individual about whom the information pertains for amendment or top provide an "accounting of disclosures"
Make available to the Department of Health and Human Services Secretary the business associate's internal practices, books, and records relating to the use and disclosure of protected health information, if requested
Return or destroy all protected health information received from the covered entity at termination of the agreement
Authorize termination of the agreement by the covered entity upon determination that the business associate violated a material term of the agreement. Only applies if corrective action is not taken within 10 days of disclosure.
As one of the value added service that AMR provides, we have created a HIPAA based sample BAA for you to use or modify to fulfill your requirements as a covered entity.
Click Here For Sample Business Associate Agreement