For a business like medical transcription, medical billing, pharmaceutical sales representatives, record storage, insurance brokers, TPAs, software companies, collection agencies, attorneys, answering services, consultants, actuaries, medical device manufacturers, marketing, cleaning services, medical couriers, a recycling company and many more
Who is a “Business Associate Under HIPAA Rules”?
A “business associate” is a person or entity whose role in a health organization involves disseminating or using protected health information, either as a service to or on behalf of a covered entity. However, it is important to note that a covered entity member is not necessarily a business associate. In fact, a business associate can be a covered healthcare provider, healthcare clearinghouse, or health plan of another covered entity. The privacy rules list all the functions and roles of a business associate, including services that involve handling eHealth information. Several factors determine whether an entity or individual is a business associate, including healthcare operations, payments, and any other activity under the jurisdiction of the Administrative Simplification Rules.
Some of the functions of a business associate are:
- Administration and processing of claims
- Data analysis, administration, utilization review, billing processes, quality assurance, repricing, and practice management
Most services offered by business associates are actuarial, consulting, managerial, administrative, accounting, accreditation, financial, and data aggregation services. The business associate definition can also be found at 45 CFR 160.103.
What are the types of HIPAA Business Associates?
- A third party administrator who assists a health care entity in the processing of claims
- An accounting firm whose involvement in a healthcare facility deals with the handling of protected eHealth information.
- A legal representative whose services involve the handling of protected eHealth information.
- An attorney whose legal services to a health plan involve access to protected health information
- Consultants who carry out utilization reviews for a health entity.
- Healthcare clearinghouses that assist in translating claims from non-standard formats to standard transactions on behalf of a healthcare entity and then forward processed transactions to payers.
- Independent medical transcriptionists who provide transcription services to medical practitioners.
- A pharmacy benefits manager who manages the network of the health plan’s pharmacists.
Business associates should ensure that they are compliant with the Health Insurance Portability and Accountability Act (HIPAA) with regard to the legal specifications laid out by the Federal Stimulus Package, or the Federal American Recovery and Reinvestment Act (ARRA). This should also include information technology and medical billing related to PHI. As of February 17, 2010, all business associates should abide by HIPAA rules and regulations or else be answerable to all criminal charges stipulated in the rule.
When a covered entity shares EPHI with a business associate, both should enter into a Business Associate agreement, which would normally require the business associate to maintain the confidentiality of the information shared. However, a business associate is normally liable to penalties related to breach of the contract agreements but not sanctions placed by the federal government.
On the other hand, penalties for breaking HIPAA rules on handling PHI include criminal liability and federal monetary fines. It is also important to note that the law demands that the Department of Health and Human Services (DHHS) conduct audits on Business Associates and Covered Entities to ensure they are HIPAA compliant. In other words, as a business associate, you must understand the importance of being compliant.
The revisions made to HIPAA law in 2009 with respect to business associates included very stringent penalties for violations of this law. Penalty fines can go as high as $1.5m per year, and in some instances they may also include serving a jail term for very serious offenses.
There are two different packages that we offer to business associates to assist them in being compliant.
Business Associate Compliance Tool
We also offer HIPAA certifications for products used by the healthcare sector and for business associates. A number of covered entities normally ask for or demand HIPAA compliance certifications or related evidence, and our HIPAA certifications should help you provide this.