
Vendor Information

Forms and Documents for UPMC Insurance Services Division Business Associates

HIPAA Guidelines for Business Associates

UPMC Health Plan and its affiliates (collectively referred to on this page as "UPMC Health Plan") are required to adhere to the rules established by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), a federal law governing, among other things:

  • The privacy of identifiable health information—referred to as protected health information ("PHI")—regardless of the format in which it exists (this includes electronic, written, and verbal communication).
  • Electronic data interchange and code set standards.
  • Security of PHI.

HIPAA applies to health care providers, health plans, health care clearinghouses and certain third parties that perform services involving PHI or the exchange of electronic data on behalf of UPMC Health Plan (referred to as "Business Associates"). HIPAA has been modified on a number of occasions since its enactment in 1996, most recently with the passage of the 2013 HIPAA Omnibus Rule.

In order to comply with HIPAA, UPMC Health Plan has developed the "UPMC Terms and Conditions for Business Associates" (PDF), to which all of UPMC Health Plan’s Business Associates must adhere.

HIPAA Omnibus Rule (2013)

In January 2013, HIPAA was amended and revised by what is known as the HIPAA Omnibus Rule. The HIPAA Omnibus Rule includes changes to the obligations of Business Associates. As a result, UPMC Health Plan has adopted a web-based Business Associate Agreement, referred to as "UPMC Health Plan Terms and Conditions for Business Associates."

If UPMC Health Plan negotiated a HIPAA Business Associate Agreement with you prior to September 23, 2013, by continuing to perform services after September 23, 2013, you agree that your Business Associate Agreement is amended to comply with the HIPAA Omnibus Rule Terms and Conditions for Business Associates. Please click on the link to the Terms and Conditions for Business Associates located on this page for further information.

If you are a new Business Associate after September 23, 2013, your underlying agreement to provide services to the Covered Entity will require you to comply with the HIPAA Omnibus Rule Terms and Conditions for Business Associates. Please click on the link to the Terms and Conditions for Business Associates located on this page for further information.