JWK Posted February 24, 2010 Posted February 24, 2010 Has anyone seen a good discussion or any guidance on what makes a business associate an agent vs. an independent contractor under the HIPAA breach notification rules? I know that the preamble is replete with references to the federal common law of agency, but that is a huge field. The Restatement of Agency focuses on the right to control the actions of the business associate, which in the agreements I have seen is almost never present. I mostly work with group health plans, and the last thing they want is control over the business associate--performance standards, yes, but not control over performance of services. On the other hand, many of these business associates are held out to participants and beneficiares as authorized to act on behalf of the plan, e.g., EAP provider, third party claims administrator, COBRA administrator. Is that sufficient to make them an "agent?" That's different from the control test--they are acting on behalf of a disclosed entity, but does not fact make them an agent? I'm interested in other views on this question. Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now