For Covered Entities: if you are a Covered Entity receiving protected health information directly from patients, you should know the basics of HIPAA compliance within your office. And if you're using The HIPAA E-Tool® you have the best protection available. But are you aware of how important your Business Associates are to your compliance plan? It is critical that you know which of your business relationships are BAs (some may not be). Once you have identified them, do you have a good BA agreement in place, and have you done your due diligence regarding their activities?
Examples of typical BAs for healthcare providers of every size are billing and collection firms, accountants, lawyers, and electronic health records (EHR) providers. But there are likely others, depending on your practice. Basically, a BA is any person or entity with whom you do business who "creates, receives, maintains or transmits" protected health information on your behalf. Excerpt from The HIPAA E-Tool® below:
Why should you care? The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services has recently begun auditing Business Associates. If one of yours is audited and found to be non-compliant, you may be held liable as well. You can protect yourself, though, by first identifying who your BAs are, then putting the right BA agreement in place, and finally by conducting the due diligence required of you to confirm they are following the law.
For Business Associates: if you've gotten this far, you probably know who you are! The HIPAA E-Tool® is written with you in mind as well. Everything you need is there: policies, procedures, forms, a Risk Analysis tool, the Breach Notification Rule, and more.