Confidentiality and patient protection are a critical concern for all healthcare providers today. With strict privacy laws in place, HIPAA compliance is something that every practice and service must maintain or face severe penalties. Yet these privacy laws extend to more than just those working within a medical practice itself.
Healthcare providers' attorneys explain that providers are responsible not only for the compliance of their own employees, but also for that of any business associates with which they work.
Patient Confidentiality and Business Associates
HIPAA laws outline in very careful detail how medical practices and other healthcare providers are to maintain patient confidentiality. Doing so can be challenging enough within the closed system of an organization; however, healthcare providers' attorneys stress that most providers do not actually work within a closed system. Most providers utilize the services of a number of professionals they do not directly employ.
Initially, HIPAA did not specify any requirements regarding business associates and subcontractors. In January of 2013, HIPAA was amended to include changes outlined by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), naming business associates and subcontractors as additional entities requiring compliance on behalf of the healthcare provider working with them.
Current confidentiality laws now state that a healthcare provider's HIPAA compliance also extends to the work of business associates and subcontractors with access to patient information.
What Is A Healthcare Business Associate?
Compliance with the amended HIPAA law requires that all providers understand what parties are considered “business associates” and ensure that such services operate in compliance with HIPAA regulations. Business associates are defined as professionals and organizations who have access to a provider’s confidential patient records for use in providing contracted external services.
These entities include various third-party services, e-prescribing services, data storage facilities, healthcare providers' attorneys, billing, claims processing, and practice management services, as well as other parties. If a party receives, transmits, or otherwise utilizes a practice's confidential patient information in any way, it is considered to be a business associate.
Certain subcontractors of medical professional services are also named. Depending upon the type of business relationship, some may fall under a practice’s compliance requirements, while others are required to practice compliance individually.
Implications for HIPAA Compliance
Based on these new regulations, medical businesses must be extremely careful about the outside parties they contract with, as they could be liable for information breaches executed by other organizations. To maintain HIPAA compliance, a business must investigate all associates and subcontractors for compliance before entrusting them with any services.
A company must also obtain compliance agreements from these entities stating they acknowledge HIPAA regulations and will operate within their parameters.
The critical concern of all providers should be that HIPAA compliance extends far beyond the individual service itself. Healthcare providers' attorneys warn that medical and health businesses must protect themselves by ensuring the compliance of business associates as well. It is suggested that providers discuss their operations with attorneys who can help them identify and resolve privacy risks to avoid facing any penalties.
The Stevenson Law Firm, PC
6302 W. Broadway, Suite 120
Pearland, TX 77581
Phone: (832) 481-4548