Every Business Associate should be aware that the Health Information Technology for Economic and Clinical Health (HITECH) Act, embodied as part of the American Recovery and Reinvestment Act of 2009 (ARRA), requires all Business Associates to adhere to all applicable provisions of the HIPAA Privacy Rule and Security Rule by statute, effective February 18, 2010. They must also have a current Business Associate Contract in place with each Covered Entity that includes all the same terms and conditions. Typical business associates include medical billing, medical transcription, EMR solution provider, potentially their information technology vendors & many more. HITECH and the new Omnibus Rule are now giving stronger emphasis to pro-active audits and more aggressive investigation and enforcement activities by OCR. The Omnibus Rule (2013) also provides implementation guidance for these requirements but does not change or lessen any of them. Many BAs are still not compliant with HIPAA/HITECH and the Omnibus Rule. As such, they are at great risk of being found in violation and being penalized. Civil penalties include contract termination, civil penalties or monetary settlements, and lawsuits, with fines ranging as high as $1.5 Million dollars per type per occurrence. Criminal penalties are also possible and can be as lengthy as 5 to 10 years in prison, with fines as high as $250,000 for the most severe infractions.
For companies who are business associates of covered entities, it is recommended that you take advantage of our HIPAA Compliance Software. This tool will help you to create required privacy and security policies and procedures, conduct a risk analysis, create your disaster recovery plan and emergency mode operations (business continuity) plan and establish your HIPAA audit program. We also recommend our HIPAA Compliance Manual. The manual will help you understand HIPAA/HITECH requirements and understand why you need to comply with HIPAA and HITECH. The manual also includes information about compliance requirements for business associates.
If you are in search of HIPAA experts to provide on-site compliance assistance, feel free to ask for a no-obligation proposal to assist your company meets the HIPAA and HITECH compliance requirements. This will assist you and your staff spends more time concentrating on business activities and less time worrying about compliance.
View the Enforcement Interim Final Rule.
Call Bob Mehta at Supremus Group today on (515) 865-4591 or email at Bob@HIPAAcertification.net