Risk Advisory Services Blog

HIPAA HITECH Compliance: HIPAA Reform, Part One

Previously, HIPAA was enforced only at the covered entity level (e.g., hospitals, insurance companies, healthcare providers), and the covered entity may have had contractual obligations with its third-party providers. New provisions include "Business Associates" (BAs) in the compliance regulations. A BA is considered to be any organization that is responsible for storing, accessing, or processing Protected Healthcare Information (PHI); this normally includes organizations such as third-party data centers, third-party administrators (TPAs), vendors used to process health data, courier services, and many more.

What is required of Business Associates?

Business Associates must comply with HITECH, which includes the HIPAA security rule and breach notification requirements. This can be a daunting task for some service organizations, as the HIPAA security rule is organized into three categories (1. Administrative Safeguards; 2. Physical Safeguards; 3. Technical Safeguards), and within these three categories there are 18 standards and 36 implementation specifications (implementation specifications are similar to controls or safeguards). The HITECH Act imposes penalties for noncompliance due to willful neglect and authorizes Health and Human Services (HHS) to investigate any complaint of suspected noncompliance. In the event of noncompliance, the violating party may be subject to civil monetary penalties that can range from $100 to $1,500,000 per violation. HITECH also requires HHS to perform random audits to ensure that covered entities and business associates are in compliance.

What can you do?

Perform a risk assessment and compare your internal controls and procedures against the HIPAA security rule and breach notification requirements. Identify noncompliance issues and implement a plan to bring your organization into conformance with HITECH.

Want more information on HIPAA HITECH Compliance? Please post a comment below or contact our Risk Advisory Services Group at 440-449-6800.
