Practices should double-check their Health Insurance Portability Act (HIPAA) compliance measures, as federal regulators have been cracking down on business associate agreements (BAAs) that fall short of current requirements.
A recent $400,000 settlement between federal regulators and a business associate of several covered healthcare entities should be a wake-up call to practices that deal with third parties, according to an article in Physicians Practice. Common business associates for physician practices include billing companies, IT professionals and attorneys. Regulatory burdens such as HIPAA compliance can be so cumbersome that practices may be tempted to cut corners when it comes to reviewing their adherence to best practices, as FiercePracticeManagement has previously reported. That includes keeping tabs on areas involving third-party services, such as social media.
The recent federal crackdown underscores the importance of keeping appropriate documentation in place to support compliance with all current revisions of regulatory rules, including reviews of BAAs with third parties, according to the article. Here are some steps practices can take to ensure they remain ready for a regulatory review:
- List all of the practice’s business associates, as defined by federal regulations. Make sure to include any entities with the potential to gain access to protected health information.
- Review the list of business associates against BAAs the practice has on file to ensure all third-party organizations are properly accounted for.
- Check with all third-party BAAs to ensure any organizations to which they subcontract services are properly covered by your practice’s agreements.
- Ensure all BAAs comply with the latest revisions to regulatory rules.
- If your practice does not have one already, implement a process that ensures BAAs get set up and maintained properly. The process should include periodic reviews executed by designated individuals, ensuring all documents get updated or replaced in a timely manner.
The article notes that while such preparations require time and resources, their legal and financial value in the event of an audit can be significant.