October 9, 2014



I'm finally implementing EMR.  I try to be really HIPAA conscious.  Will I need to treat my EMR vendor as a business associate?  If so, I believe I need a contract, right?

Thanks for your advice.  
Dr. H


Depends. Software vendor is one of those third parties that may qualify as a business associate or may not, depending on whether they have access to the practice's protected health information.  If the access is only incidental to installation and you will not be receiving software support that allows access to your protected health information, the answer may be that the software vendor does not qualify. However, if the vendor requires access to protected health information as related to its service, then yes, the vendor likely qualifies and you should have a proper business associate agreement signed before allowing access to the practice.    

               For the Office for Civil Right's answer on this question, click here.  

I-STOP Implementation - Common Q&As

Looking for HIPAA and compliance forms?  
Click here to visit 
our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or  at (516) 747-6700 x. 302.