Lugar de Noticias Haynes and Boone

HIPAA and Outsourcing
9/30/2003
Randall E. Colson

Presented at:

Negotiating Technology Outsourcing Agreements
Law Seminars International
Seattle, Washington


Introduction

The Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, has brought many changes to the health care field, as well as our day-to-day lives.  The most obvious changes to a typical individual are from the privacy standards that went into effect on April 14, 2003.  If you visited a physician since April 14, you should have received a HIPAA privacy notice, and you may have noticed new office procedures designed to protect the privacy of your patient records.  Even if you have not visited a physician recently, you probably have experienced the frustration of HIPAA privacy standards at your local pharmacy.  While there are many aspects to HIPAA, including those that impact us personally, non-health care specific outsourcers and their customers will feel the impact of HIPAA’s privacy standards and security standards in their business relationships.

This paper first provides a brief overview of the statutory background of HIPAA and to whom its privacy and security standards apply.  This paper then provides a summary of the privacy and security standards and their associated business associate obligations.  Finally, this paper examines areas where outsourcers may be impacted by these standards.