HIPAA Considerations

In March of 2013 new rules went into effect for HIPAA compliance.  Their emphasis was primarily defining the role of the Business Associate, those non-employee people and organizations that do work for you.  Briefly stated, anyone who regularly comes into contact with protected health information now must become compliant will all of the HIPAA regulations.  In addition, medical professionals must have a Business Associate Agreement in place with the business associate, that includes a statement indicating the associate is HIPAA compliant.  Why is this important?  Two reasons:
1) You will be liable for any security breaches caused by the associate
2) You will not be in compliance with the HIPAA rules

Business Associates are defined as: “a person who: creates, receives, maintains, or transmits protected health information for a function or activity regulated by this subchapter, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities listed at 42 CFR 3.20, billing, benefit management, practice management, and repricing; or legal, actuarial, accounting, consulting, data aggregation (as defined in § 164.501), management, administrative, accreditation, or financial services.”

There are over 40 required or addressable elements in the 2013 HIPAA Omnibus Rules that address disaster recovery, business continuity, security and more.  I encourage every health care provider – regardless of size – to investigate whether you are in compliance.

One further point, in a press release dated January 17, 2013 from the HHS Press Office, the following statement was made:

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office for Civil Rights Director Leon Rodriguez. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

http://TechValleyContinuity.com/HIPAAHowCompliant.pdf

%d bloggers like this: