Under HIPAA, which one of the following statements is true regarding the release of PHI by covered entities to business associates? A. Covered entities are responsible for the use of PHI made by business associates. B. Covered entities aren’t allowed to release PHI (identifiable or de-identified) to business entities. C. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI. D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities.

Question

Under HIPAA, which one of the following statements is true regarding the release of PHI by covered entities to business associates? A. Covered entities are responsible for the use of PHI made by business associates. B. Covered entities aren’t allowed to release PHI (identifiable or de-identified) to business entities. C. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI. D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities.

(B). IS MY ANSWER...but am confuse

Answer 1

Please read the linked responses to this question. Scroll down a bit and read the posts linked under Related Questions.

Answer 2

Under HIPAA (Health Insurance Portability and Accountability Act), the release of PHI (Protected Health Information) by covered entities to business associates is subject to certain regulations. To determine which statement is true regarding this topic, let's break down each option:

A. Covered entities are responsible for the use of PHI made by business associates.
This statement is true. Covered entities are responsible for ensuring that their business associates comply with HIPAA regulations and properly protect the PHI they receive.

B. Covered entities aren’t allowed to release PHI (identifiable or de-identified) to business entities.
This statement is not true. Covered entities are allowed to release PHI to business associates under specific circumstances and with appropriate safeguards in place.

C. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI.
This statement is true. Covered entities are required to have written agreements with their business associates in which they provide assurances that they will appropriately safeguard PHI.

D. Once a covered entity releases information to a business associate, the associate may disclose that information to other entities.
This statement is not true. Business associates are prohibited from further disclosing PHI to other entities without the explicit permission or authorization of the covered entity who originally provided the information.

So, based on the explanations above, the correct answer is C. Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI.