Learning how to manage the HIPAA Business Associate process is important

Most healthcare providers or organizations that are described as Covered Entities by HIPAA, engage vendors as HIPAA Business Associates for carrying out many of their services on their behalf. HIPAA defines a Business Associate as a person or an entity who carries out some or all functions or activities that involve the use or disclosure of Protected Health Information on behalf of, or of providing services to a Covered Entity.

The practice of choosing vendors is fairly common in this industry because of the many benefits it brings. Although fairly prevalent; managing this process can be confusing. This is despite the fact that HIPAA requires them to enter into Business Associate Agreements (BAA’s), which are agreements aimed at ensuring safeguarding of PHI. A healthcare organization or individual that enters into a BAA is obliged to comply with the HIPAA Security Rule and Privacy Rule.

It is important to choose the right BA

With such a major role being expected of the BA; Covered Entities have to show complete diligence in choosing the right one, for this is the only means to ensuring compliance with the process required of the HIPAA Security Rule and Privacy Rule. Any small noncompliance attracts heavy penalties for both Covered Entities and their Business Associates whenever a data breach occurs.

The only means by which Covered Entities can avoid such situations is by putting a systematic process in place for handling these business relationships. The proper access and protection of a healthcare organization’s Protected Health Information by the Business Associate has to be ensured by such a process.

Some of a Business Associate’s functions and activities include:

• Processing or administration of claims
• Processing of data analysis or administration utilization
• Review of the Quality Assurance billing
• Benefit management
• Practice management and repricing.

The sheer range and importance of functions and activities carried out by Business Associates necessitates a complete and thorough grasp on the part of healthcare organizations of the ways by which to identify Business Associates.

Learn the ways of getting the Business Associate Agreement right

A webinar that is being organized by MentorHealth, a leading provider of professional trainings for the healthcare industry, will impart clear understanding of all the nuances of the BAA.

Jay Hodes, who is president of Colington Security Consulting, LLC, which provides HIPAA consulting services for healthcare providers and Business Associates, who is the speaker at this webinar, will show what thinking has to go into and what processes have to be adhere to when choosing a Business Associate.

Participants will learn how they can find out if Business Associates have the necessary technical, physical and administrative safeguards needed for protecting shared Protected Health Information in place. Another important learning he will offer is on when a vendor becomes a Business Associate and how that relationship may change and impact the BAA.

Register for this webinar and get clarity on the ways of monitoring and managing the HIPAA Business Associate process.

Understanding the BAA process

The way in which the Business Associate Agreement (BAA) process needs to be understood and perceived will be explained at this webinar. There are as many as ten requirements the government expects to meet for this process. Jay will show how to put these in place. Also taken up is the issue of the use of Vendor Security Questionnaires and how to implement them. The nature and type of breaches caused by Business Associates and the ways of handling them will also be explained.

People who are involved in BAAs in one or another way, such as Compliance Officers, HIPAA Privacy Officers, HIPAA Security Officers, Medical/Dental Office Managers, Practice Managers, Information Systems Managers, Chief Information Officers, General Counsel or Lawyers, and Practice Management Consultants will gain from this webinar.

In this webinar on what a healthcare organization needs to know about its responsibilities in managing Business Associates, Jay will cover the following areas:

• How to conduct Vendor Screening
• Ten Requirements of Business Associate Agreement
• Developing and Using Vendor Security Questionnaires
• Reviewing the Questionnaires
• I Like This Vendor, but…
• Auditing Your Business Associate
• Dealing with a Breach Caused by Your Business Associate
• What are the penalties and fines for non-compliance and how to avoid them?
• Q&A.

Preparing for HIPAA Enforcement

It goes without saying that preparing for HIPAA enforcement is of crucial importance to organizations. The reason: Last year saw a spike in the settlement payments ordered by HIPAA. There were as many as seven settlements of a value of over $1 million each. Of these seven, one was for $5.5 million, another was for $3.9 million, and yet another for $2.75 million. These constituted a part of a dozen or so overall resolutions settlements. These results point to the fact that HIPAA is continuing to crack the whip as far as enforcement is concerned. This calls for a greater level of vigilance and due diligence from Covered Entities and Business Associates in meeting HIPAA regulations on Protected Health Information (PHI).

HIPAA compliance is important for many other reasons

HIPAA compliance involves two main aspects: A) Making sure that the Covered Entity and the Business Associate provide the proper patient rights and controls on how they will use and disclose PHI; and B) Putting in place proper policies and procedures. These actions show the authorities that the CE’s and BA’s have all the necessary documentation in place for safeguarding patient PHI. They also demonstrate the way in which these entities addressed all required security safeguards if they are audited or become the subject of a compliance review.

Learning on how to ensure HIPAA compliance

How do organizations do this? How do they show the HHS that they have the right procedures and processes in place to ensure safeguarding of PHI? The answers to these questions will be provided at a webinar that MentorHealth, a leading provider of professional trainings for the healthcare industry, is organizing. Jay Hodes, who is President of Colington Security Consulting, LLC, which provides HIPAA consulting services for healthcare providers and Business Associates, will be the speaker.

In order to understand the proper and thorough means by which organizations can ensure the protection of health information and to ensure that they take all the steps necessary for preventing data breaches; please enroll for this webinar. Needless to say, a thorough and complete understanding of the fundamentals of HIPAA and the ability to explain and demonstrate the organization’s compliance program is the starting point for all these. The aim of this valuable learning session is to impart a clear and proper understanding of how healthcare practices, businesses, or organizations need to prepare given the increase in recent HIPAA enforcement and to make sure their current safeguards are adequate and can withstand government scrutiny. This course is approved for 1.5 general credits from the Nevada Board of Continuing Legal Education.

Learning for those involved in protecting patient health data

Anyone involved in PHI and other aspects of HIPAA implementation, such as Compliance Officers, HIPAA Privacy Officer, HIPAA Security Officers, Medical/Dental Office Managers, Practice Managers, Information Systems Managers, Chief Information Officers, General Counsels/Lawyers, Practice Management Consultants, or any Business Associates that accesses Protected Health Information and IT companies that support Medical/Dental Practices or other Healthcare organizations, will gain immensely from this session.

At this informative and interactive course, Jay will cover the following areas:

• Why was HIPAA created?
• What are the HIPAA Security and Privacy Rules?
• What is a HIPAA Risk Management Plan?
• What is meant by “Required” and “Addressable” Implementation Specifications?
• What are Administrative, Technical, and Physical Safeguards Requirements?
• What is a HIPAA Risk Assessment?
• What are HIPAA training requirements?
• How to prevent HIPAA data breaches from occurring
• What are the penalties and fines for non-compliance and how to avoid them?
• Preparing for increased enforcement HIPAA enforcement
• HIPAA Violation Case Examples
• Questions.