By: Vanessa Reynolds
One of the underlying principles of Accountable Care Organizations (ACO) is shared health spending savings and risks, which requires the sharing of protected health information (PHI). All parties to an ACO or other Organized Health Care Arrangement (OHCA) must therefore be mindful and observant of HIPAA’s requirements, including the requirement for business associate agreements.
As the relationships between the parties to OHCAs become more complex, so, too, are the relationships between covered entities, business associates and their downstream business associates. Depending on the arrangement or transaction, ACOs and providers may be covered entities, business associates, or both.