Use of off-shore entities raise the issue of whether the US company will enter into a "safe-harbor" agreement with the US government in order to transfer the PHI to those countries with a privacy law. If the US company uses a company in a country without a privacy law, it must determine what its responsibilities/obligations are under HIPAA as well as the state privacy requirements. The state may prohibit the transfer of PHI to a country without adequate protection. All in all, the uncertainty of such an arrangement would tend to emphasize the need for a more conservative approach of compliance rather than avoidance.
Moya T. D. Gray, Director Office of Information Practices State of Hawaii No. 1 Capitol Center 250 South Hotel Street, Suite 107 Honolulu, Hawaii 96813 Tel: 808-586-1400 Fax: 808-586-1412 Web: www.state.hi.us/oip The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
