Here at Compass, we have seen a huge upswing in the number of HIPAA / HITECH risk assessments we have been conducting over the last year. Covered entities (doctors, hospitals, pharmacies) and health plans obviously store PHI (protected health information) and ePHI (electronic protected health information) on behalf of patients; however, there has also been a huge upswing in assessments of “Business Associates”. According to the Health and Human Services website, a business associate is defined as “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity”. Because everything from IT support to call center management is now outsourced, many companies encounter both PHI and ePHI as part of their work, and their clients are asking that they go through a HIPAA risk assessment.
If you have read the news lately on healthcare, and specifically on HIPAA, you probably saw references to a recent HIPAA settlement between Memorial Health Systems of Florida and the Department of Health and Human Services (HHS). I’m sure the amount of the settlement caught your attention: a whopping $5.5M! You probably also noticed the reason for the fine: lack of audit controls. With a fine of that caliber, it’s important to know what “audit controls” means when discussing HIPAA compliance.
If you work in the healthcare industry, there is zero doubt that you have heard about HIPAA compliance thousands and thousands of times. The importance of keeping electronic protected health information confidential is pounded into us on a daily basis, and for good reason. But what is HIPAA compliance? We all know that it is a federal regulation specific to two types of organizations:
This is a guest post written by April Arruda, CPA, of DiSanto, Priest, & Co. in Warwick, RI. DiSanto, Priest, & Co. is a professional advisory firm that has been in business for over 50 years, providing a range of services to its clients. These services include accounting and assurance, tax planning and compliance, management consulting, and business advisory services. For more information, please visit the DiSanto, Priest, & Co. website at http://www.disantopriest.com or call them at (401) 921-2000.
HIPAA is in the news all the time. Whether it is the tragedy that struck Orlando last weekend, the news of the HIPAA audits coming, or a new healthcare breach being reported, we are constantly reminded of why HIPAA compliance is critical. As with any organization, protecting and safeguarding the sensitive information that you possess is not only essential, it is your responsibility to the customers that you serve. This sensitive information comes in a variety of types, from personally identifiable information such as your name, address, email address, and answers to security questions, to credit/debit card information, to protected health information. What makes healthcare organizations, both covered entities and business associates, unique is that they possess all of the information above. A covered entity holds a significant amount of data on a patient: not only their PHI but also their PII and, in most cases, their payment information. When you think about it, that is a significant amount of information for one organization to hold and be responsible for.