38 results.
Update on Business Partner/Associate Agreements (HIPAA on the Job)
Author: Cassidy, Bonnie S.
Source: Journal of AHIMA
Publication Date: November 2000
If you're wondering how to interpret the proposed privacy and security rules related to HIPAA, you're not alone. The requirements of these rulesand the similarities and differences between themare surrounded by confusion and controversy.
Having recently attended AHIMA's....
United under HIPAA: a Comparison of Arrangements and Agreements (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: September 2002
The HIPAA transactions, security, and privacy regulations identify five agreements and relationships that can be established between healthcare entities to achieve economies of scale and lessen HIPAA's administrative burden. They are: affiliated covered entity (ACE)
business associa....
Understanding Chain of Trust and Business Partner Agreements (HIPAA on the Job)
Author: Cassidy, Bonnie S.
Source: Journal of AHIMA
Publication Date: October 2000
Confused about the differences between privacy and security? You’re not alone. Combine these with the jargon-laden chain of trust and business partner agreement issues, and a whole new set of questions about HIPAA implementation emerges.
Privacy, pursuant to HIPAA, addresses the righ....
Tough Compliance Questions to Ask Your Business Associates
Author: Klasa, Marge
Source: AHIMA Convention
Publication Date: October 21, 2005
Introduction
Maintaining the privacy and security of patient health information (PHI) is not only best practice, it is a HIPAA mandate for all Covered Entities (CE).1 But how does the CE know if its Business Associates (BA) and vendors agree to protect and secure patients’ PH....
Top HITECH-HIPAA Compliance Obstacles Emerge: Analyzing lessons learned from six months of Omnibus Privacy Rule implementation efforts
Author: Butler, Mary
Source: Journal of AHIMA
Publication Date: April 2014
Have a spare 32.8 million hours? The US Department of Health and Human Services (HHS) sure hopes so.
As noted in the Federal Register, that figure is the total number of hours the HHS Office for Civil Rights (OCR) estimated it would take all HIPAA-covered entities combined....
The Privacy Mindset: Setting Better Boundaries with Third-Party Record Reviewers
Author: Derlink, Amy L; Schembari, Elaine
Source: Journal of AHIMA
Publication Date: March 2012
Responding to an audit can be hectic and stressful, but HIM professionals must remember to hold external record reviewers accountable to good privacy and security practices.
When you visit the hair salon, take an exercise class, or sit across from a financial planner, you expect them....
The Omnibus Arrives: OCR Issues HITECH-HIPAA Final Privacy Rule
Author: Rode, Dan
Source: Journal of AHIMA
Publication Date: April 2013
The Office for Civil Rights (OCR) has published the long-awaited final omnibus rules covering many HITECH Act requirements in the January 25, 2013 Federal Register (78FR5566). The rule is officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notific....
Special Considerations for Business Associate Agreements: Substance Abuse Treatment, Federal Law Present Challenges
Author: Haines, Pamela T.
Source: Journal of AHIMA
Publication Date: April 2004
If you are writing business associate agreements for a healthcare provider these days, you have probably discovered there are often no magic words or formulas that will produce an agreement. Although sample forms available from various sources may be helpful, generally no two business associat....
Seven Select Questions to Ask Your Privacy Officer (Or Yourself)
Author: Downing, Katherine
Source: Journal of AHIMA
Publication Date: April 2014
On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published the long-awaited HITECH-HIPAA Omnibus Final Rule in the Federal Register. As anticipated, the Omnibus Rule includes some of the most significant changes to patient priva....
Reduce BA Risk Through Due Diligence and Documentation
Author: Twiggs, Mariela; Goldstein, Sara
Source: Journal of AHIMA
Publication Date: October 2016
Healthcare provider organizations rely on a variety of entities to help them carry out healthcare activities and functions. If these entities create, maintain, or transmit protected health information (PHI) on behalf of a provider organization, they are considered a business associate (BA....
Reassessing Privacy and Security Compliance: ARRA Provisions Require Organizations Re-examine Procedures and Training
Author: Rode, Dan
Source: Journal of AHIMA
Publication Date: October 2009
Training and Retraining Needed
The addition of new federal privacy and security provisions does not relieve covered entities of their ongoing HIPAA training requirements. Entities must continue to provide HIPAA training to “employees, volunteers, trainees, and other perso....
Putting It in Writing: Updating BA Agreements to Cover Breach Notification
Author: Hjort, Beth M.; Rhodes, Harry B.
Source: Journal of AHIMA
Publication Date: June 2010
When ARRA extended sections of the HIPAA privacy and security rules to cover business associates (BAs), it created a seismic shift in their contractual relationships with covered entities (CEs). Further, the changes became effective simultaneous with other ARRA amendments that require CEs and....
On the HIPAA Hook
Author: Hicks, Andrew
Source: Journal of AHIMA
Publication Date: April 2014
Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.
Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....
Mind Your Business Associate Access: Six Steps
Author: Sullivan, Tori E.
Source: Journal of AHIMA
Publication Date: October 2002
It's April 10, 2003, and a privacy officer is reviewing her policies for the imminent privacy regulations, title II of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The compliance deadline is April 13, 2003, and she is already feeling stressed about meeting the date.....
Make Your Telecommuting Program HIPAA Compliant (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: February 2002
An increasing number of healthcare workforce members are telecommuting. As transcriptionists, coders, customer service representatives, and others are working from home, many providers are weighing the benefits against potential privacy and security risks.
Who Is Working from Home....
Journal Q&A (4/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: April 02, 2002
Q: I have been asked to identify all of my organizations business associates so we can update their contracts prior to the April 2003 HIPAA privacy rule compliance date. Unfortunately, existing contracts are not maintained in one place. How should I tackle this project?
A: At....
Journal Q&A (3/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: March 02, 2002
Q: We have a transcriptionist who picks up tapes, transcribes them off-site, and returns them each day. Is this practice legal under HIPAA?
A: The HIPAA privacy rule does not prohibit the use of tapes for dictation, nor the use of an outside transcription vendor. The privacy rule do....
Identifying Your Business Associates Under the HIPAA Privacy Regulations
Author: Roach, Michael C.
Source: In Confidence (newsletter)
Publication Date: November 02, 2001
The HIPAA privacy regulations require that covered entities have written agreements in place before disclosing protected health information (PHI) to business associates.1 The regulations also require specified provisions be included in business associate agreements (BAAs).2 Most likely none of....
HIPAA: It's Different for Manufacturers
Author: Humphrey, Heather L.
Source: Journal of AHIMA
Publication Date: February 2005
A few years ago, the Y2K crisis refocused the data world. Suddenly medical device manufacturers saw the inherent risks data brought to the business industry. What began with answering a simple question about date functionality quickly moved to conversations about personal information, its appr....
HIPAA Implications for Your Social/Human Service Program
Author: Reeder, Linda
Source: AHIMA Convention
Publication Date: September 23, 2002
HIPAA Changes Call for Revising BA Agreements
Author: McDavid, Jan P
Source: Journal of AHIMA
Publication Date: May 2013
Business associates (BAs) of HIPAA-covered entities like hospitals and doctor's offices should already be intimately acquainted with HIPAA's privacy and security regulations. BAs should already have business associate agreements with every covered entity with whom they work and assume resp....
Healthcare Breach Management: Business Associate Agreement Addendum
Author: Hjort, Beth M.; Rhodes, Harry B.
Source: AHIMA Advocacy and Policy
Publication Date: January 22, 2010
Guidelines for Determining Business Associate Agreements
Author: Thomason, Mary
Source: AHIMA sample form
Publication Date: November 21, 2002
Guidelines for a Compliant Business Associate Agreement - Retired
Author: AHIMA
Source: AHIMA practice brief
Publication Date: November 2013
This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....
Guidelines for a Compliant Business Associate Agreement (2016)
Author: AHIMA Work Group
Source: AHIMA practice brief
Publication Date: October 2016
This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....
Evaluating Business Associates: What You Should Look For
Author: Mandell, Steve; Manny, Barbara
Source: AHIMA Convention
Publication Date: September 23, 2002
Ensuring Your Business Associates Provide ‘Satisfactory Assurances’
Author: Lewis, Sharon; McLendon, Kelly
Source: Journal of AHIMA
Publication Date: October 2015
HIPAA uses the term “satisfactory assurances” four times in the text of its Privacy and Security Rules. Each time the statement is used it describes a covered entity’s (CE) responsibility to obtain satisfactory assurances from a business associate who creates, receives, maintains, or tran....
Doing Business in the New Healthcare Privacy Era
Author: Jones, Rhys W.
Source: In Confidence (newsletter)
Publication Date: January 02, 2001
Background
The Health Insurance Portability and Accountability Act (HIPAA) and its related transaction, security, and privacy regulations apply directly to certain entities, but not to all recipients of health information. The regulations define three classes of “covered enti....
Controlling PHI Flowdown and Record Copying under HIPAA
Author: Hjort, Beth M.
Source: In Confidence (newsletter) | AHIMA Q and A
Publication Date: September 02, 2001
Q: I understand that HIPAA’s privacy rule sets up expectations for covered entities to help ensure that protected health information disclosed to business associates is restricted for redisclosure. How can covered entities control them?
A: The Department of Health and Human Services rea....
Business Associate Contract
Author: Davis Wright Tremaine LLP
Source: External web site
Publication Date: April 14, 2003
Bringing the C-Suite Up to Speed on HITECH-HIPAA
Author: Butler, Mary
Source: Journal of AHIMA - website
Publication Date: April 2014
The HITECH-HIPAA Final Rule has changed the way healthcare organizations do business, and those with seats in the C-suite can’t afford to stay out of the weeds with the new regulations.
Daniel Solove, founder of the HIPAA training firm TeachPrivacy, and law professor at....
Breach Notification Triggers Receive Update
Author: Bowen, Rita K.
Source: Journal of AHIMA - website
Publication Date: April 2013
The HIPAA Omnibus Rule, the new Final Rule modifying HIPAA, was published in the Federal Register on January 25, 2013. The amended rule went into effect on March 26 and full compliance is expected by September 23. For HIM professionals, the most far-reaching of the changes to HIPAA is that....
Avoiding Liability for Business Associates' Breaches: Rule Changes Overview
Author: Tomes, Jonathan P.
Source: Journal of AHIMA - website
Publication Date: January 2014
HIM professionals and privacy and security officers are likely already familiar with their facility’s business associates. But with the recent dramatic changes to the business associate relationship in the HITECH Act and the Omnibus Final Rule, there is plenty of new ground....
Avoiding Liability for Business Associates' Breaches: Guidance
Author: Tomes, Jonathan P.
Source: Journal of AHIMA - website
Publication Date: January 2014
This is the second installment in a three-part article series on avoiding liability for breaches by business associates. This article will provide guidance on how to avoid liability for breaches by business associates.
For background on the changes to the busin....
Avoiding Liability for Business Associates' Breaches: Adjustments and Ongoing Strategies
Author: Tomes, Jonathan P.
Source: Journal of AHIMA - website
Publication Date: January 2014
This is the third installment in a three-part article series on avoiding liability for breaches by business associates. This article will discuss adjustments needed in the business associate relationship, as well as ongoing strategies for adapting to the recent changes.
....
At Your Service: Points to Consider When Using Medical Transcription Services
Author: Malone, Molly
Source: In Confidence (newsletter)
Publication Date: December 02, 2003
The electronic transmission of healthcare information and outsourcing transcription is becoming commonplace. While many had previously taken the stance that “everybody’s doing it,” HIPAA has added a new dimension to the working lives of health information managers and medical transcription se....
Amending Business Associate Contracts: Harmonizing Privacy and Security for Protected Health Information
Author: Patel, Nilay B.
Source: Journal of AHIMA
Publication Date: July 2005
With the April 21, 2005, and April 20, 2006 (for small health plans) HIPAA security regulation deadlines, covered entities may question what a revised contract for a business associate (BA) should contain and how it should be executed. Official guidance is scattered in the Federal Register and....
Adapting BA Practices to Meet the Omnibus Rule
Author: McSteen, Thomas
Source: Journal of AHIMA
Publication Date: September 2013
The 2013 HIPAA Omnibus Rule marks a key milestone for implementation of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH). One of the most far-reaching impacts of HITECH and the Omnibus Rule is that business associates (BA) and their subcontractors now mu....