Don’t make extra work for yourself under HIPAA regs.
Question: Who must I have a business associate agreement with under HIPAA? Does our office cleaning service count?
Answer: One of the main changes that the HIPAA program updated during its HITECH Final Rule (which takes effect Sept. 23) is that business associates are more accountable than ever under HIPAA. Both business associates and their subcontractors will have to maintain protected health information just as your agency would. Your business associates typically include entities such as your billing service or your offsite coding contractors, for instance.
But how broad is the "business associate" label? Does it expand to your office’s cleaning service? "Business associate agreements include organizations that may create, receive, maintain or transmit health information," Jim Sheldon-Dean, director of compliance services at Lewis Creek Systems, shared during a recent Coding Institute audioconference, "The HIPAA Audit Protocol — Documenting Compliance Before You Get an Audit Notice." Since your cleaning staff is not accessing health information in any way, they won’t typically be considered "business associates."
"The cleaning staff should be under a confidentiality agreement but not necessarily a business associate agreement," Sheldon-Dean advises. "If you start asking your cleaning staff to look in the waste baskets and bring you any pieces of paper that have health information as kind of a compliance check, then they are doing something with PHI on your behalf and they’d be a business associate."