Health Insurance Portability and Accountability Act (HIPAA)

Dear Practitioner

Many practitioners have asked if the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requires covered health care providers to have a Business Associate Contract with either The Trust or Trust Risk Management Services, Inc. (TRMS) for professional liability insurance purposes. The Trust and TRMS have reviewed the HIPAA Privacy Rule from a legal standpoint; specifically, analyzing our relationship with you, the insured. Our review of this issue is that it is not necessary to enter into a Business Associate Contract with either The Trust or TRMS.

The Privacy Rule permits a covered health care provider to disclose information for "health care operations" purposes, subject to certain requirements. Disclosures by a covered health care provider to a professional liability insurer or a similar entity for the purpose of obtaining or maintaining professional liability coverage or for the purpose of obtaining benefits from such insurance, including the reporting of adverse events, fall within "business management and general administrative activities" under the definition of "health care operations." Therefore, a covered health care provider may disclose individually identifiable health information to a professional liability insurer to the same extent as the provider is able to disclose such information for other health care operations purposes. For this reason, neither The Trust nor TRMS will need to enter into a Business Associate Contract with any of our insureds.

For further information please see 45 CFR 164.502(a)(1)(ii) and the definition of "health care operations" at 45 CFR 164.501. You may also wish to review the U.S. Department of Health and Human Services website at the following address http://www.hhs.gov/ocr/hipaa/

While it is not necessary to have a Business Associate Contract with either The Trust or TRMS, this does not alleviate the provider from following all relevant statutes and regulations regarding privilege and confidentiality when reporting an incident or claim to the insurance carrier.


NOTE: This information is provided as a risk management resource and is not legal advice or an individualized personal consultation. At the time this resource was prepared, all information was as current and accurate as possible; however, regulations, laws, or prevailing professional practice standards may have changed since the posting or recording of this resource. Accordingly, it is your responsibility to confirm whether regulatory or legal issues that are relevant to you have since been updated and/or to consult with your professional advisors or legal counsel for timely guidance specific to your situation. As with all professional use of material, please explicitly cite The Trust as the source if you reproduce or distribute any portion of these resources.