Can an addendum make an existing BA contract HIPAA-compliant?
HIPAA Weekly Advisor, May 3, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: Can we add an addendum to an existing business associate contract to make it HIPAA compliant? Who will audit our organization's HIPAA compliance?
A: There are two ways you can go with this. You can renegotiate a brand new contract, or take an otherwise good contract and add an addendum to it with the additional elements required by the privacy rule.
The route you choose will depend on how happy you are with the existing contract. If it's a fairly flawed contract and there are other things you need to change, you'll want to sit down, open it up, and do it right from the beginning. But there's no reason why you can't take a good, solid contract that both parties are happy with and simply tack on an addendum that both parties sign.
Look at the quality of the contract and choose your best option.
Q: Who will audit our organization's HIPAA compliance?
A: The Department of Health and Human Services (HHS) has told us the Office of Civil Rights (OCR) will be responsible for enforcement. There aren't enforcement regulations out yet, but the OCR is hiring people, so they've got something in the works.
OCR's plan at this point is not to go out and conduct routine surveys looking for violations. OCR plans to be complaint-driven. In other words, if a patient writes into them or calls, they might make a call, look at the paperwork, or make a visit.
That could change once we get the enforcement regulations, but that's what their personnel are saying at this time.
Editor's note: Answered by Jill Callahan Dennis, JD, RHIA, principal of Health Risk Advantage in Denver, and adapted from The Greeley Company's April 17 audioconference, "12 Months to HIPAA Privacy: Project Planning for Compliance." The Greeley Company is a division of HCPro in Marblehead, MA. Go to http://www.hcmarketplace.com/product.cfm?ID=14142 to order an audiocassette of the conference.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched