Organizations hoping to operate as HIPAA-compliant business associates in 2020 will need to establish a strong compliance plan for the year, or work with a firm that can verify that their practices align with HIPAA requirements. Doing so opens the door to a larger portfolio of healthcare clients. Because covered entities and their vendors can be penalized for noncompliance, it is best to put HIPAA compliance measures in place as early in the year as possible.
What’s HIPAA compliance?
HIPAA refers to the Health Insurance Portability and Accountability Act of 1996. Its rules are issued by the Department of Health and Human Services (HHS) and enforced by the HHS Office for Civil Rights (OCR). Essentially, HIPAA is a set of regulatory standards governing how health information may be used, disclosed, and safeguarded. Healthcare organizations and their vendors must implement these standards to protect the privacy and security of patients' health information.
This information is called protected health information, or PHI: individually identifiable health information created or received by a HIPAA entity, including any demographic details that could identify the patient. This includes medical records, Social Security numbers, phone numbers, addresses, names, health-related financial and billing information, full facial photos, and more. PHI covers information in any form, whether on paper, spoken, or electronic (electronic PHI is commonly called ePHI).
What type of companies have to comply with HIPAA standards?
Covered entities
A covered entity is a health plan, a healthcare clearinghouse, or a healthcare provider that transmits health information electronically in connection with HIPAA standard transactions (claims, eligibility checks, and the like). As you can imagine, that covers many organizations, such as health insurance providers, hospitals, physician practices, pharmacies, and more.
Business associates
This refers to any organization that creates, receives, maintains, or transmits protected health information on behalf of a covered entity. This applies to many organizations, such as third-party consultants, IT and managed service providers, billing companies, electronic health records (EHR) platforms, cloud storage providers, accountants, faxing and shredding companies, and more. A subcontractor that handles PHI for a business associate is itself a business associate.
Rules for becoming HIPAA compliant
Any organization becoming HIPAA compliant has to know a few rules. These include:
Privacy Rule
The HIPAA Privacy Rule applies primarily to covered entities; business associates are bound to its use-and-disclosure limits through their Business Associate Agreements and, since the Omnibus Rule, are directly liable for impermissible uses and disclosures. Essentially, the Privacy Rule sets standards such as a patient's right to access and obtain a copy of their protected health information, the limited grounds on which a provider may deny that access, the use of patient authorization forms for uses and disclosures that the rule does not otherwise permit, and more. Organizations must document their fulfillment of this rule and train workforce members on the resulting policies; annual refresher training is the common practice.
Security Rule
The HIPAA Security Rule applies to both covered entities and their business associates. It sets standards for how electronic protected health information (ePHI) is maintained, handled, and transmitted, requiring administrative, physical, and technical safeguards (such as risk analysis, access controls, audit logging, and transmission security) so that organizations can handle this information safely.
Breach Notification Rule
The HIPAA Breach Notification Rule breaks down what actions must be taken by covered entities and business associates in the event that unsecured protected health information is breached, whether physically or electronically. Affected individuals must be notified without unreasonable delay and no later than 60 days after discovery. The rule also distinguishes by size: breaches affecting fewer than 500 individuals are reported to HHS annually, while breaches affecting 500 or more individuals must be reported to HHS within 60 days and, where the individuals live in one state or jurisdiction, announced to prominent media outlets as well.
Omnibus Rule
The HIPAA Omnibus Rule of 2013 implemented the HITECH Act's changes to HIPAA and made business associates directly liable for compliance with the Security Rule and applicable parts of the Privacy Rule. In part, this rule requires Business Associate Agreements (BAAs) to be created, signed, and executed between a covered entity and its business associate (and between a business associate and its subcontractors) before any protected health information is shared between them.
What does it look like to be HIPAA compliant?
HIPAA compliance improves day-to-day operations in several concrete ways. These include:
- Improving and maintaining security standards
- Maintaining a good and trustworthy reputation
- Reducing the likelihood and impact of data breaches or misuse
- Differentiating from non-compliant competition
Compliance also sets a standard for both covered entities and business associates on recurring activities: self-audits to check compliance, remediation plans to close the gaps those audits find, workforce training to uphold compliance, and documentation as proof of all of the above.
Contact
At Scale Technology, it’s our job to manage the confusing and ever-changing regulations so you can focus on what matters: your business. Rather than redirect your in-house team to figure out the particulars, you can team up with Scale, and let us handle the heavy lifting for you.
If you’re interested in learning more about our HIPAA compliance solutions, call us at (501) 213-1732, or just request a consultation to get started today.