FROM HHS: Business Associate Defined. In general, a business associate is a person or organization, other than a member of a covered entity's workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Business associate functions or activities on behalf of a covered entity include claims processing, data analysis, utilization review, and billing.9 Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services. However, persons or organizations are not considered business associates if their functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all. A covered entity can be the business associate of another covered entity. LEAVES GOOGLE'S OPTIONS PRETTY OPEN.
If your community hospital stores your medical record on big health system's Epic instance via Community Connect is that legal & ethical?
If your community hospital stores your medical record on Cerner's Community Works is that legal & ethical?
Just because a company has a bad reputation doesn't make it illegal or unethical.
If we look at HIPA rules and regulations, no one was notified or asked if they were alright to have this done. Exposing ones medical history is unethical and illegal and how safe is it on the web in the matrix? Begs the question who will hack into all this information on patients medical history....
This is business as usual and only attracts any interest in the 24 hour cycle of news because it is Google (or any other big layer). Hundreds or thousands of these deals being struck and used and for years. Remember the transcription outsourcing that led to outrage when overseas individuals held medical records for ransom