With the increasing need for businesses to save on costs, many companies are utilizing offshore companies to help with customer service, tech support, billing processes, etc. Is it possible one of your contracted companies whom you have a Business Associate Agreement, is utilizing an offshore workforce? Not only should you be concerned with this because of possible breaches which the US government won’t have any legal recourse, but PBM’s and NCPDP will be asking for attestations in the future. The time to prepare is now. Our latest episode with the Pharmacy Compliance Guide will discuss the impacts of Offshore businesses accessing PHI, why PBM’s are concerned, and what pharmacies should do now.
The covered entity is solely responsible for issuing the Business Associate Agreement, so if you sign someone else’s agreement, you are stuck with it. The Business Associate Agreement is a contract. Remember that!
Develop a document similar to the one the PBMs are asking you to sign and ask Business Associate to check a box with one of the two options and send it back to you. Now you can truthfully answer the questions posed to you by the PBMs and NCPDP.
To ensure we are in compliance with these federal mandates, please check the appropriate box below and return this signed attestation to us. Your failure to provide this attestation, as specified herein, constitutes a material breach of your agreement with us. An inaccurate response may constitute a violation of federal law for which penalties may apply.
Choose the appropriate statement by checking one of the boxes below:
As your HIPAA Business Associate, our organization and our downstream and related entities DO NOT utilize Off-Shore subcontractors to perform activities that involve receiving, processing, transferring, handling, and storing or accessing PHI at an Off-Shore location(s).
As your HIPAA Business Associate, our organization and our downstream and related entities DO utilize Off-Shore subcontractors to perform activities that involve receiving, processing, transferring, handling, and storing or accessing PHI at an Off-Shore location.