Uber Health Business Associate Agreement

Facebooktwitterredditpinterestlinkedinmail

This month, Uber launched a new business line called Uber Health. The service offers a ride-hailing platform specially available to healthcare providers. “At this point, the developing model appears to be a direct contract with the health care provider or payer, which requires compliance with HIPAA and national data protection laws,” he said. Because health care providers use a digital dashboard to plan their patients` travel, providers pay for each trip, as opposed to a monthly subscription fee. Anti-kickback laws could come into play if a provider offers free or reduced trips to certain patients. “Health care providers need to be aware of their compliance obligations and be familiar with the requirements of the federal anti-kickback status,” gold and Wilpon write. Uber states on its website that Uber Health complies with HIPAA and that all data entered through the dashboard is protected by data protection and security controls in accordance with HIPAA standards. All data remains stored in the system, and the only information transmitted to its drivers is the patient`s name, the time of pickup and pickup, as well as the pick-up point and storage location, as with any taxi service. No protected health information is provided to drivers. In addition, in announcing its Uber health service, Uber noted that drivers will not receive any information showing the passenger called the Uber Health ride. This means that Uber Health processes sensitive health data for providers covered by HIPAA and that Uber Health works as a HIPAA business partner, according to Ms. Gold and Ms. Wilpon.

These counterparties must meet HIPAA requirements while complying with other guidelines in the counterparty contracts. Missed appointments cost health care providers $150 billion a year, with non-presentation rates of up to 30%, according to SCI Solutions, which provides IT services to the healthcare industry. Therefore, when health care providers make ride-sharing companies directly available to plan patient transportation, such as .B indication of the patient`s name and residence address for pickup or pickup, there is a partner relationship in accordance with HIPAA. As a result, health care providers must enter into agreements before they benefit from them for their patients. Companies that use or split Protected Health Information (PHI) on behalf of a covered company are defined as business associates. A covered company must receive satisfactory guarantees from a business partner that it protects the PHI it has received or created, also known as the Business Associate Agreement (BAA). However, these agreements call for greater caution, as ridesharing options are becoming more popular for consumers and more cost-effective for suppliers. These services create exposure for suppliers who may not be immediately visible; and it is essential that health care providers monitor regulatory issues, such as the Civil Fines Act. B the anti-kickback law, the Health Protection and Accounting Act (HIPAA) and the Fraud and Abuse Act.

Uber Health has tasked HIPAA experts to develop a health care-friendly program that has put in place numerous safeguards to protect the PHI, including business association agreements with partners, technical controls and administrative processes. Elizabeth Scarola, a member of the health practices at the law firm Carlton Fields, says any payment that could influence the choice of a provider of medical services can be held liable for civil penalties – up to $10,000 per violation.

Facebooktwitterredditpinterestlinkedinmail