Health Information Management

Tips to get your business associates to comply with HIPAA

HIPAA Weekly Advisor, July 20, 2009


Your business associates (BAs) must comply with the HIPAA Security Rule beginning February 18, 2010.

That mandate is part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law by President Obama February 17, 2009.

If complying with the HIPAA Security Rule sounds like a large task for, say, a small billing and coding company, well, that's because it is. So where do your BAs begin? Hopefully, they've already started.

Here are two tips you can share with your BAs to get them ahead of the February 2009 HIPAA compliance deadline:

Perform a risk assessment. Determine your primary vulnerabilities. "Find what your biggest threats to the security of your PHI are," says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, privacy, security, and compliance consultant at Rebecca Herold & Associates, LLC, in Des Moines, IA. "You need to know where you are before you begin to form your policies and procedures. Check on the last time you had a security assessment, if ever, and start from there."

Make your own way. As a BA, you must understand you are responsible for your own compliance program, regardless of contract terms with a covered entity, says John R. Christiansen, an information technology lawyer at Seattle's Christiansen IT Law.
"You need to be responsible for your own security program with HIPAA," says Christiansen, chair of the newly formed HITECH Business Associates Task Force of the American Bar Association's Health Law Section and the HITRUST Business Associates Working Group of the Health Information Trust Alliance.
Do not simply accept what is thrown your way, he says. "Your program should be built based upon your organization's own unique risks," says Herold. "That's what your risk assessment will reveal."

Editor's note: These tips were taken from the HCPro, Inc. white paper, Business Associates and HIPAA: What BAs need to know to comply with HIPAA privacy and security rules. Download a free copy of the full white paper. Sign up for HCPro, Inc.'s July 29 audio conference, Business Associates and Covered Entities: Adapt Contracts to Comply With New HIPAA Law.

These tips also appeared in a HealthLeaders Media article by Dom Nicastro.


