As you know, HIPAA is an ever-present concern in medical practices. Many practices don’t know that they must have a ‘Business Associate Agreement’ properly signed by any business partner who has access to the personal medical information of their patients.
So, which of my vendors is a Business Associate?
Business Associates include, but are not limited to:
| Outside Billing Service | Bookkeeper |
| Computer Services (IT) | Transcription Tech |
| Consultant | Data Shredding Service |
Most vendors who support medical offices (Covered Entities), especially those that are non-medical businesses, completely overlook the HIPAA rules. This is a dangerous mistake, because they do fall under the HIPAA-compliance umbrella. The Department of Health & Human Services defines these associated businesses as follows:
“Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.”
Any Business Partner or Vendor who has access to view, create, edit, or transmit any patient’s individually identifiable information qualifies for a Business Associate Agreement. This applies, of course, to medical details, but also to general personal information such as name, address, telephone number, and email address.
The HIPAA Rule reads, in part:
(g) Business Associate recognizes that, as of February 18, 2010, the administrative, physical, and technical standards and implementation specifications of the HIPAA security rule (45 CFR § 164.308, § 164.310, § 164.312, and § 164.316) apply to the Business Associate in the same manner that it applies to a Covered Entity.
(h) Business Associate recognizes that, as of February 18, 2010, civil and criminal penalties for violation of the HIPAA security rule shall apply to a BA in the same manner as they apply to a Covered Entity.
To help you protect both your business and ours, we are available to answer any questions you may have about the HIPAA rules.
Read more at the HHS.gov website: http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html