Would the ISP be considered a Business Partner? If so, then would the Data Security and Privacy requirements apply?
The connection between the pharmacy and the ISP is only an issue if the pharmacy gives the ISP access to patient information in the course of providing services. If the information is encrypted from the patient’s browser to the web server at the pharmacy – then the ISP would not have access to patient information and would not be a Business Partner. However, if the ISP hosted the web server and personnel at the ISP had access to patient information that was stored on that server, then the ISP would be a Business Partner and they would have to comply with Privacy and Security as part of the terms of their agreement with the pharmacy. (Posted 10/17/00) How can the covered entity, in this case the pharmacy, force the person requesting the prescription refill to encrypt the request, even if the pharmacy is providing a web site for receiving the protected information? The web server can be set up to restrict access only to those persons using browsers which support a 128 bit encrypted SSL s
Related Questions
- Would the ISP be considered a Business Partner? If so, then would the Data Security and Privacy requirements apply?
- Security and privacy of our customer data are key to our business. How secure are the DebtResolve systems?
- How can incorporating data security and privacy into my business operations help my business grow?
