Health Information Compliance Alert

Vet Your Vendors in 2019

Tip: Research your associates’ compliance records.

Healthcare providers engage with all sorts of business associates (BAs) to ensure that their day-to-day operations run smoothly. Many of these partners utilize patients’ protected health information (PHI). That’s why it’s critical that you scrutinize your potential BAs’ compliance history thoroughly before you enter into a new contract.

Context: According to an HHS Office for Civil Rights release, the physician contractor provider Advanced Care Hospitalists PL (ACH) neglected to look into the background of an individual who operated as part of Doctor’s First Choice Billings, Inc. (First Choice) without the biller’s knowledge or permission. After more than 8,000 individuals’ data was visible on the Internet, the feds investigated and discovered the individual’s falsehood (see related story, p.1).

ACH neither properly vetted the BA nor wrote up a business associate agreement (BAA) — and, unfortunately, paid a steep price for its negligence. ACH’s troubles highlight that a lack of protocols only exacerbates a violation.

“A robust compliance plan must include relevant, mandatory policies and procedures, as well as an evolving and up-to-date risk analysis in order to maintain compliance,” explains attorney John E. Morrone, a partner at Frier Levitt Attorneys at Law in New York City.

Those vital policies must include concise language on vendor and BA vetting, too.

Consider asking these questions to ensure your BAs are HIPAA-compliant and on the up-and-up:

  • What HIPAA Rules’ safeguards do you employ to protect PHI/ePHI?
  • Is it possible to review your HIPAA-compliance record?
  • Are you willing to enter into a business associate agreement (BAA)?
  • What tools and services do you offer?
  • Do you perform an annual audit and analyze your risks?
  • How do you manage your compliance issues?
  • What kind of training and vetting do your employees undergo?
  • What are your policies, procedures, and protocols for a HIPAA breach?

Tip: If you are in the market for a new biller, cloud provider, or coding consultant, look for BAs and vendors that can meet the demands of your practice — and your wallet.