Does HIPAA Permit Bamboo Health to Receive and Exchange Information?

Bamboo Health receives and discloses Protected Health Information ("PHI") under the "TPO Exception" set forth in HIPAA. The TPO Exception states that a Covered Entity may use or disclose PHI for its own Treatment, Payment, and Health Care Operations activities, or for the Treatment, Payment, and Health Care Operations of another Covered Entity, without the need to obtain patient authorization. In addition to the foregoing, such uses and disclosures of PHI may either be facilitated directly by the Covered Entity or done on behalf of such Covered Entity, via its Business Associate.

Bamboo enters into a Business Associate Agreement with every single one of its customers, and the receipt and use of PHI from any given customer is done pursuant to such Business Associate Agreement. Further, Bamboo Health only discloses PHI via the Bamboo Services to another Bamboo customer if, and only if, such customer has a Treatment, Payment, or Health Care Operations relationship with the patient to whom the information pertains, as determined by Bamboo's proprietary matching algorithm.

All capitalized terms not defined herein shall have the meanings ascribed to them in HIPAA. 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles