Answer: The department does not change the rule in this regard. The data protection rule must not interfere with the privilege of a lawyer. The ministry also does not believe that it will be necessary for the secretary to have access to privileged material to resolve a complaint or investigate a breach of the confidentiality rule. However, the Department does not consider it appropriate to exempt lawyers from the requirements imposed on business partners. A reportable supplier may be a HIPC unit and, therefore, the information provided to a PSO may contain protected health information that the PSO may analyse on behalf of the covered supplier. The analysis of this information is a patient safety activity within the meaning of the PSQIA and the Patient Safety Rule, 42 CFR 3.10, et seq. While the HIPAA rules, in their written form, would treat a PSO as a business partner, if the PSO performed quality testing and other activities on behalf of a covered healthcare provider, we proposed this change to the definition of “business partners” to more clearly guide hipaa and patient safety rules. HIPAA`s protection and security rules allow a covered company to transmit protected health information to a counterparty and to allow a counterparty to produce, receive, maintain, or transfer protected health information on its behalf, provided that the covered entity receives satisfactory assurances in the form of a contract or other agreement under which the counterparty will receive adequate protective information. HIPAA rules typically define “counterparties” as a person who performs functions or activities on behalf or services specific to a covered business that involve the use or disclosure of protected health information. We have proposed a series of amendments to the definition of “business partners” to implement the HITECH Act, to adapt the term to the legal provisions of the Patient Safety and Quality Act of 2005 (PSQIA), 42 U.S.C 299b-21 et seq., and to make other changes to the definition.

With regard to the reduction, the Ministry does not accept the commentator`s proposal. When protected health information is used or disclosed inappropriately, the damage suffered by the person is the same, whether the injury was caused by the covered entity or by a counterparty. Furthermore, this provision is not an absolute standard that should require active monitoring of the counterparty or the reduction of all damages caused by the counterparty. . . .