Which of the following statements is true of HIPAA rules regarding the release of PHI by covered entities to business associates? A. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities. B. Covered entities are responsible for the use of PHI made by business associates. C. Covered entities aren’t allowed to release PHI (identifiable or de-identified) to business associates. D. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI.
Expert Solution Preview
Introduction: HIPAA (Health Insurance Portability and Accountability Act) rules are in place to ensure the protection and confidentiality of patients’ personal health information (PHI). As a medical professor, it is important to understand and ensure that students also understand the guidelines set forth by HIPAA.
Answer: The correct statement regarding HIPAA rules regarding the release of PHI by covered entities to business associates is D. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI. This means that covered entities (such as hospitals and medical practices) must have agreements in place with their business associates (such as billing companies and IT services) that outline expectations for safeguarding PHI. The covered entity is responsible for ensuring that the business associate follows these guidelines and will be held accountable for any breaches of PHI.
#statements #true #HIPAA #rules