Tip: Start thinking about the security provisions of your business associate contracts
Compliance Monitor, March 10, 2004
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
The HIPAA security rule goes into effect in April 2005, and it's time to start looking at your business associate contracts, advises William P. Dillon, Esq., partner at McMorrow & Dillon, P.A., in Naples, FL. Some changes will apply. Keep in mind that any new terms apply to only to electronic protected health information (ePHI).
In addition to privacy requirements that need to be in place in your business associate contracts, you're required to include the following:
1. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect ePHI's
2. Ensure that any agents (including subcontractors) use reasonable and appropriate safeguards to protect ePHI. This may already be included in your business associate contract as part of your privacy requirement, Dillon notes.
3. Report to the covered entity any security incident of which you become aware.
4. Authorize termination of the contract by the covered entity, if the covered entity finds out the business associate is violating the terms of the contract. This also may already be in your contract under HIPAA privacy requirements, Dillon says.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- HIPAA Q&A: Level of encryption needed for email
- Identify potential Medicaid RAC target areas
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Cohesive History and Physical Requirements
- Searched