Under HIPAA's TPO Exception, a Covered Entity may share PHI with another Covered Entity without obtaining patient consent if such PHI is used or disclosed for purposes related to Treatment, Payment, and Health Care Operations.
However, there may be additional federal regulations (see 42 C.F.R. Part II) or certain state patient privacy laws that may impose additional authorization or consent obligations with respect to patient confidential information. However, these additional regulations or laws typically pertain only to certain categories of providers or information.
It is important that you understand what patient privacy laws apply to you before providing any information to Bamboo Health. As the Covered Entity, you are responsible for obtaining all necessary consents required to disclose information to Bamboo Health, as your Business Associate, as well as to other Covered Entities, via the Bamboo Health Services.