OCR: Labs as Business Associates - No, but....

OCR: Labs as Business Associates - No, but....

Posted by Amy Wood on Apr 3 2017, 10:22 PM

OCR: Labs as Business Associates - No, but....

Last week the American Dental Association published a response from The Office of Civil Rights (OCR) regarding whether or not Dental Labs require a Business Associate Agreement.  Their response was: no, they are not considered Business Associates because they are considered a Covered Entity as a Healthcare Provider.

That's great clarification, however, many labs don't acknowledge they are a Covered Entity.  In states like California, Dental Labs are not required to have a DDS or DMD on staff, some labs attempt to skirt both the Covered Entity or Business Associate titles.  

In order to send Protected Health Information (PHI) to another business or person, they have to either be a Covered Entity, Business Associate or the patient themselves.  Per OCR: All disclosures must be categorized as a Covered Entity or Business Associate to be permissable.  If not, then you are breaching Protected Health Information.

What To Do?

Ensure the vendors you use acknowledge they are a Covered Entity.  If they say they aren't a Covered Entity, you have two choices: categorize them as a Business Associate since they are creating, receiving, maintaining or transmitting PHI on your behalf, or cease all business with them.

Once you've defined your HIPAA relationship, make sure they aren't doing things like writing names of patients on the outside of the box or in the shipping label (I've watched delivery services say the names in a crowded waiting room).  

If they don't acknowledge or accept your terms, consider finding different vendors -- this is your patient information after all, and you are expected to protect it to the best of your ability, including the vendors you refer work to.

http://www.ada.org/en/publications/ada-news/2017-archive/march/ocr-responds-to-question-about-dental-labs-business-associate-agreements

    Share On

    Leave A Reply

    Please fill all the fields.

    Talk to our experts

    Start your journey to compliance by directly interacting with our experts. With extensive years of experience in making dental practices HIPAA Compliant, we provide everything from start to finish to make you compliant, safe, secure, and confident against data breach. Look no further, begin your training today by scheduling a class with our experts!