If a DME supplier, vitamin supplier, text reminder application, auto payment system for patient accounts, or a website management company collects PHI data via a web portal, are they considered a Business Associate? For example, the company has created a web portal or downloadable software application that requires internet access, with fields that collect data, and that data helps the provider manage patient custom DME orders, patient test results or natural remedies, patient appointment reminders, and patient payment plans. The doctor must either manually provide the PHI or allow integration to their EHR system. Because they are providing the web site (portal) and collecting PHI and storing it temporarily on a server, should the Covered Entity obtain a BAA? I often hear from these SaaS or companies that have portals (applications) that the service they offer is not considered a Business Associate.
Question No. 142