New HIPAA Rules for Business Associates – Are You Compliant?


What you need to know about the HIPAA Privacy Rule for Business Associates

Starting in November 2016 and continuing in full force in 2017, audits will be executed by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to ensure HIPAA compliance for business associates.

The HIPAA Privacy Rule, by law, “applies only to covered entities – health plans, health care clearinghouses, and certain health care providers.” – HHS.gov website. However, these covered entities may use other businesses or people to perform their services, who have not previously been covered or needed to be covered by the HIPAA Privacy Rule. Under new rules for HIPAA compliance, those third-party businesses or people, known as business associates, must prove they too are HIPAA compliant.

Am I a Business Associate?

A business associate is defined as “a person or organization, other than a member of a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information.” – HHS.gov website.

Some examples the website gives for business associates are (this is directly copied from the site):

* A third party administrator that assists a health plan with claims processing.
* A CPA firm whose accounting services to a health care provider involve access to protected health information.
* An attorney whose legal services to a health plan involve access to protected health information.
* A consultant that performs utilization reviews for a hospital.
* A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
* An independent medical transcriptionist that provides transcription services to a physician.
* A pharmacy benefits manager that manages a health plan’s pharmacist network.

Covered entities need to have a contract with their Business Associates describing what the permitted and required uses of protected health information are and how the business associate safeguards that information to prevent use or disclosure that is not outlined in the contract.

If you’re an attorney, hospital consultant or CPA firm, ask SecurShred for ways to protect sensitive health information in your systems to ensure you’re in compliance with the new HIPAA Privacy Rules for Business Associates.