Does HIPAA Permit Bamboo Health to Receive and Exchange Information?
Bamboo Health receives and discloses Protected Health Information ("PHI") under the "TPO Exception" set forth in HIPAA. The TPO Exception states that a Covered Entity may use or disclose PHI for its own Treatment, Payment, and Health Care Operations activities, or for the Treatment, Payment, and Health Care Operations of another Covered Entity, without the need to obtain patient authorization. In addition to the foregoing, such uses and disclosures of PHI may either be facilitated directly by the Covered Entity or done on behalf of such Covered Entity, via its Business Associate.
Bamboo Health enters into a Business Associate Agreement with every single one of its customers, and the receipt and use of PHI from any given customer is done pursuant to such Business Associate Agreement. Further, Bamboo Health only discloses PHI via the PatientPing Services to another PatientPing customer if, and only if, such customer has a Treatment, Payment, or Health Care Operations relationship with the patient to whom the information pertains, as determined by PatientPing's proprietary matching algorithm.
All capitalized terms not defined herein shall have the meanings ascribed to them in HIPAA.