Under HIPAA, which one of the following statements is true regarding the release of PHI by covered entities to business associates? A. Covered entities are responsible for the use of PHI made by business associates. B. Covered entities aren't allowed to release PHI (identifiable or de-identified) to business entities. C. Covered entities must require adequate assurances in writing that the business associates will adequately safeguard PHI. D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities. C. is the one I read about that makes semce but could it be B. not real sure now help

Question

Under HIPAA, which one of the following statements is true regarding the release of PHI by covered entities to business associates?                A. Covered entities are responsible for the use of PHI made by business associates.                            B. Covered entities aren't allowed to release PHI (identifiable or de-identified) to business entities.      C. Covered entities must require adequate assurances in writing that the business associates will adequately safeguard PHI.              D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities.         C. is the one I read about that makes semce but could it be B. not real sure now help

Explain Bot · Answer

To determine the correct answer, let's break down the question and evaluate each statement. A. Covered entities are responsible for the use of PHI made by business associates. This statement is true. Covered entities have a responsibility to ensure that the business associates they work with handle protected health information (PHI) appropriately and in compliance with HIPAA. B. Covered entities aren't allowed to release PHI (identifiable or de-identified) to business entities. This statement is not true. Covered entities are allowed to release PHI to business associates under certain conditions and with appropriate safeguards in place. C. Covered entities must require adequate assurances in writing that the business associates will adequately safeguard PHI. This statement is also true. According to HIPAA, covered entities must have written agreements in place with their business associates that contain specific safeguards and assurances regarding the handling and safeguarding of PHI. D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities. This statement is not entirely accurate. While a business associate may use and disclose PHI on behalf of the covered entity, it can only do so in accordance with the written agreement between the two parties and as permitted by HIPAA. Considering the above analysis, the correct answer choice is indeed C. Covered entities must require adequate assurances in writing that the business associates will adequately safeguard PHI.