Today healthcare fraudsare so widespread and increasingly sophisticated that the federal government is doing all it can to put a stop to it. With HIPAA and HITECH Acts already implemented, medical practitioners need to ensure HITECH/HIPAA compliance at any cost, if they do not want to be on the wrong side of law.
Determine the Compliance Levels of BAs with Vendor Compliance Management Today healthcare fraudsare so widespread and increasingly sophisticated that the federal government is doing all it can to put a stop to it. With HIPAA and HITECH Acts already implemented, medical practitioners need to ensure HITECH/HIPAA compliance at any cost, if they do not want to be on the wrong side of law. Apart from medical practitioners, the HIPAA and HITECH acts are applicable to Covered Entities as well as Business Associates (BAs). The section 13401 of subtitle D (Privacy) of the HITECH Act (42 USC 17931) states that "the additional requirements of this title that related to security and that are made applicable with respect to Covered Entities shall also be applicable to such a Business Associate and shall be incorporated into the business associate agreement between the business associate and the covered entity."However, before delving further, it is important to know who all come under the categories of Covered Entities and Business Associates as per the HIPAA/HITECH acts. A Covered Entity is any of the following: A health care provider that conducts certain transactions in electronic form A health care clearinghouse A health plan BAs include but not limited to Pharmacy benefit managers Offsite backup facilities Transcription services CPA / attorney / law firms who have access to PHI Remote managed services Billing services IT Service Provider Third party administrators that assist health plans with claims processing Consultants that perform utilization reviews for a hospital Statistics show that data breaches have affected nearly 11.6 million individuals, out of which 6 million records were handled by the BAs. As per HHS, the average number of individuals per breach through the BA was 102,678. Hence, medical practitioners need to ensure that business associates and their sub-contractors are indeed HIPAA/HITECH compliant as much as they are. Otherwise, they would have to face penalty as high as $50,000 and if proven willfully negligent, the amount can go up to $ 1.5 million. In such a scenario, what the medical practitioners need is a vendor compliance management solution that helps to know the extent of compliance of BAs to HIPAA / HITECH regulatory requirements. It provides an understanding of their security and compliance levels, the risk exposure through a quick scan in an automated way. Thus by helping to resolve any processes or systems that are out of compliance, this automated IT security and compliance management solution transforms regulatory compliance from a reactive to a proactive environment. Also read more on - HIPAA and HITECH, vulnerability management, IT security and compliance
Pages to are hidden for
"Determine the Compliance Levels of BAs with Vendor Compliance Management"Please download to view full document