Home Health & Hospice Week
Is Your Vendor A Business Associate Under HIPAA?
Get your BA agreements in place before audits roll out.
Question: We are contracting with a new vendor. I sent the vendor a business associate agreement (BAA) to sign, but the vendor is claiming it’s not a business associate (BA) under HIPAA. The vendor will provide us with cloud storage for patient data, so I believe that the vendor is in fact a BA. Who is correct?
Answer: The vendor is a HIPAA BA if it receives, maintains, stores, accesses, or transmits health-related information in the course of providing services, according to a June 9 blog post by attorney Laurie Cohen for law firm Nixon Peabody. Further, the vendor is a BA under HIPAA if the health-related information is protected health information (PHI), as defined by HIPAA, and if that PHI originates from a covered entity (CE).
According to Cohen, at a minimum, a HIPAA BA must:
1. Develop HIPAA privacy, security, and breach notification policies;
2. Perform a security risk assessment;
3. Provide HIPAA education to its workforce; and
4. Prepare a BAA to use with its own subcontractors who receive, maintain, store, access, or transmit PHI in the course of providing services.
Any BAs that you work with must understand the requirements and their responsibilities under HIPAA. This is especially important as the HHS Office for Civil Rights rolls out its audit process later this year, which is expected to target BAs in addition to CEs, Cohen warned.
Home Health & Hospice Week
- Compliance:
MAC Backtracks On End Date Physician Requirement
Agency can include service length estimate on POC to sign, MAC allows. The new regulatory [...] - Hospice:
Hospice Concurrent Care Demo Rolls Out On Big Scale
First phase begins Jan. 1. Hospices hope a new pilot project could broaden the hospice [...] - Reimbursement:
Hospices Question Demo Pay Adequacy
Plus: Did CMS drag its feet on the concurrent care pilot? A larger-than-expected response to [...] - Hospice:
More Problems Dog MCCM Demonstration
Pilot will take a decade to show results. Money isn’t the only concern when it [...] - Diagnosis Coding:
Get Friendly With Your New ICD-10 Manual
The book may be a little thicker than your ICD-9 manual, but don’t let that [...] - Industry Notes:
Therapy-Based Denials Cost HHAs Millions In Latest Review
Do your therapy evals contain these 11 items? It’s not only high-therapy claims that will [...] - Reader Question:
Is Your Vendor A Business Associate Under HIPAA?
Get your BA agreements in place before audits roll out. Question: We are contracting with [...] - Industry Notes:
Learn Face-To-Face Compliance Tips From HHH MAC's Pilot Project
If you feel like ripping your hair out when dealing with your physicians and face-to-face, [...] - Industry Notes:
Now's The Time To Download PEPPER Benchmarking Report For Your HHA
Download your HHA PEPPER report now to see the data reviewers may use to single [...] - Industry Notes:
Beware New Hospice Denial Codes Indicating NOE-Delaying ICD-9, ICD-10 Problems
Get to know three new reason codes that will point the way to diagnosis coding [...] - Industry Notes:
New HHA Star Ratings Raise Fraud Concerns
Medicare’s newest star ratings for HHAs are getting some mainstream press attention, and it may [...] - Industry Notes:
Health System, Chain Launch Joint Venture
UC San Diego Health and Dallas-based AccentCare have created a jointly owned home health agency [...]
