Business Associate Domain 19
Can there be an additional risk factor question for business associates that asks whether they have any responsibility for handling ePHI/PHI requests from end users/consumers (e.g. disclosures, restrictions in writing)?
Domain 19 has many requirements that are focused on covered entities, and if a BA can confirm they would never be involved in the handling of ePHI requests from end users/consumers I think it would remove several requirements that wind up being N/A and would provide clarity during QA.
5
votes
![](https://secure.gravatar.com/avatar/20d6091956e42a054cfd2ae891d88025?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)