Medical and dental offices, insurance companies, and other entities that collect and process medical information from patients are required to comply with the Health Insurance Portability and Accountability Act (HIPAA). This law is designed to protect the privacy of medical information.
Who Is a Business Associate?
Medical providers often work with business associates who assist them with their operations. A business associate is a person or entity that creates, receives, maintains, or transmits protected health information while providing services on behalf of a covered entity. This can include companies or individuals who provide billing, coding, transcription, marketing, information technology, document destruction, data storage, legal, accounting, and other services. Business associates must also comply with HIPAA. Failure to do so can result in large fines.
How Does HIPAA Apply to Business Associates?
Many medical providers require business associates to sign agreements formally stating that they are business associates governed by HIPAA. They are required to keep protected health information private and only use it for specific purposes. If a business associate uses subcontractors, the subcontractors must also comply with HIPAA.
In order to maintain HIPAA compliance, business associates must follow many of the same policies to protect health information that doctors, dentists, and insurance companies follow. They may not use or disclose any protected health information unless it is for a specific allowable purpose.
Business associates must comply with HIPAA’s Security Rule. They must complete a risk analysis of their information systems to identify any risks so they can be addressed. Business associates must put administrative, technical, and physical safeguards in place to keep data safe and maintain written security policies. Business associates are also required to train their employees on HIPAA requirements.
HIPAA’s Privacy Rule does not require business associates to respond to violations, but business associate agreements can. If the business associate identifies a data breach, it must report it to the covered entity. A prompt response to a HIPAA violation can prevent the problem from getting worse and protect the covered entity from fines and other penalties.
ASG Information Technologies Can Help with HIPAA Compliance
Complying with HIPAA is a major responsibility of health care providers and business associates who work with them. Failing to comply with HIPAA can lead to fines as well as damage to the company’s reputation, not to mention potential identity theft and fraud. ASG Information Technologies has helped many health care providers and business associates comply with HIPAA. Contact us today to learn more about how we can help you.