HIPAA Compliance Certification for Business Associates

HIPAA Compliance Certification for BA

 

The Department of Health and Human Services (DHHS) has imposed its first CMP (civil money penalty), against Cignet, for violations of the HIPAA Privacy Rule. The Privacy Rule violations and the fine of $4.3 million are based on provisions of the HITECH (Health Information Technology for Economic and Clinical Health) Act. OCR found that Cignet showed willful neglect by knowingly denying patients access to their medical records when they were requested. Had Cignet provided those 41 medical records within 30 and no longer than 60 days of the patients' requests, and had it cooperated with OCR during the investigation, it could have avoided this devastating fine. The Director of OCR stated that DHHS will continue such investigations, and the DHHS Secretary stated that privacy of health information is a priority and that DHHS is serious about enforcing the HIPAA Rules.

Subsequently, the HITECH Act has not only made noncompliance more costly, but also charges BAs (Business Associates) with statutory responsibility for the HIPAA Privacy and Security Rules. The HIPAA Administrative Simplification regulation, 45 CFR 160.103, defines a Business Associate as one who works, performs or assists on behalf of a CE (covered entity) by using or disclosing PHI (protected health information). Claims processing, data analysis and processing, billing, benefit management and quality assurance are some of the functions performed by a BA. A BA is not an employee of the CE.

The following are examples of Business Associates:

  • A third-party administrator who assists a health plan with claims processing.
  • A CPA firm whose accounting services to a healthcare provider involve access to PHI (protected health information).
  • An attorney whose legal services to a health plan involve access to PHI.
  • A consultant who performs utilization reviews for a hospital.
  • A healthcare clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer.
  • An independent medical transcriptionist who provides transcription services to a physician.
  • A pharmacy benefits manager who manages a health plan’s pharmacist network.

Achieving HIPAA compliance as a Business Associate is a necessity to stay in business and to avoid fines. A solid business plan to achieve this is to educate your employees on the HIPAA Privacy and Security Rules, use a comprehensive process that lays out the roadmap to compliance, and have a compliance assessment performed by an independent third party. Upon passing the assessment, HIPAA Training.net provides certification that your business is HIPAA compliant via a dated seal to be used for your company, services and products. Learn more by clicking here and start the process of attaining HIPAA compliance certification today!


About Julie

My credentials include a Master's Certificate in Health Informatics, a CHPSE certification (Certified HIPAA Privacy and Security Expert), and certification in HL7 (Health Level 7). The multidisciplinary approach to equipping myself to enter the healthcare IT sector is consistent with my professional background in sales, management, healthcare, and recruiting. I also have a BA in Organizational Psychology from the University of Michigan, which has been invaluable in my professional life for excelling in sales, change management, and laying down an excellent foundation from which I was able to build effective communication skills with professionals of all levels.

Posted on April 6, 2011, in Education and Training, HIPAA, Training.
