Tips for small entities charged with HIPAA compliance

Briefings on HIPAA, May 1, 2016

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on HIPAA.

Never too small to be compliant

Tips for small covered entities charged with HIPAA compliance

"OCR has bigger fish to fry than me."

You may have heard that before, or even said it. Maybe you're an employee in a tiny healthcare facility. Or maybe you've seen the big headlines on data breaches, noted how they always seem to involve large insurance companies and massive healthcare facilities, and thought, "That won't happen to us."

Know thy BA

Business associates (BAs) are a part of HIPAA life, no matter how big or small your entity is. So how far should covered entities (CEs) go to ensure their BAs are HIPAA compliant?

Roger Shindell, CHPS, the CEO of Carosh Compliance Solutions in Crown Point, Indiana, notes that things changed with the HIPAA Omnibus Rule, HHS' largest set of modifications to the HIPAA Privacy and Security Rules, issued to implement the HITECH Act. Prior to 2013, if a CE had a valid BA agreement in place and the BA had a breach, the CE had a safe harbor exemption for that breach, he notes.

Covered entities and BAs alike are required under the Security Rule's risk analysis standard (45 CFR 164.308(a)(1)(ii)(A)) to conduct an "accurate and thorough assessment" of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI.

Under the Omnibus Rule, BA agreements must stipulate that the BA will comply with the applicable requirements of HIPAA/HITECH, and BAs are directly liable for doing so. So BAs need to be ready, just like you.

Should CEs offer training to the BAs? No, says Shindell.

"The BA has their own obligation to conduct training," he adds, "and if training is on specific policies and procedures, the CE would not know what these are and what is appropriate."
