- Who Needs to Be Compliant?
- The Role of the Healthcare Clearinghouse
- Interviewing Business Associates
- Making Strong HIPAA Choices
Who needs to Be Compliant?
Business associates are a catch-all group that includes any company performing a service for covered entities that exposes it to protected health information (electronic health records or other data). Covered entities include health care providers, health care plans, and health care clearinghouses. If you are a covered entity or business associate, you need to be compliant with the Health Insurance Portability and Accountability Act.
HIPAA Health Care Provider Definition
A HIPAA health care provider is an organization or individual that provides health care services and processes PHI in digital form. Examples include doctors, chiropractors, and pharmacies.
Health Care Plan Definition
A health care plan is a program set up for a person or business (such as an employer) that pays health care expenses. Examples include health insurance firms and Medicare.
Health Care Clearinghouse Definition
What is a healthcare clearinghouse? These companies convert nonstandard health data into standard health data or vice versa.
A healthcare clearinghouse can be “a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and ‘value-added’ networks and switches,” explained Ohio law firm Bricker & Eckler LLP.
If you are unsure whether or not you fit one of those definitions, you can complete a short Q & A from the federal government.
The Role of the Healthcare Clearinghouse
People are often unfamiliar with that third category, the clearinghouse. The role that it serves is essentially a “middleman” that sends claim data from a provider (such as a clinic) to a payer (such as an insurance company). One of the primary activities conducted by health care clearinghouses is claims scrubbing, which essentially checks for any possible mistakes and makes sure the claim is formatted correctly for reading by the payer’s system.
“The clearinghouse also checks to make sure that the procedural and diagnosis codes being submitted are valid and that each procedure code is appropriate for the diagnosis code submitted with it,” said For Dummies. “The claim scrubbing edit helps prevent time-consuming processing errors.”
Interviewing Business Associates
The first business associates were getting audited in 2015. Your choice of a business associate should now focus even more on credibility since HITECH essentially means broader responsibility: your tech partners and others can now receive penalties as well.
Here are several questions that were recently asked of us by a company thinking about switching to our HIPAA server hosting environment.
Healthcare client:
What is your business continuity plan for HIPAA?
HIPAA hosting specialist:
Please see our business continuity plan attached.
Healthcare client:
What is your backup plan for HIPAA?
HIPAA hosting specialist:
We provide Fully Managed Daily Encrypted Backup for all files and databases on separate Encrypted Storage Nodes. Other information is listed in the attached.
Healthcare client:
Is there any difference between regular data centers and HIPAA-compliant data centers? Please tell me why it is different.
HIPAA hosting specialist:
A HIPAA compliant Data Center has been audited for HIPAA and HITECH compliance.
Healthcare client:
What is your emergency plan? Do your technicians stand by 24/7?
HIPAA hosting specialist:
We operate a 24 X 7 X 365 Live Engineering support environment.
Healthcare client:
What is your plan to prevent data leakage? Like USB leakage (Both data center & our office).
HIPAA hosting specialist:
The documents I have attached cover this question. We are not involved in the customer’s HIPAA compliance in their office environment. This requires that the customer contract with a HIPAA consultant.
Healthcare client:
According to your website, you are HIPAA compliant, but is there any proof of evidence? (certification/audit)
HIPAA hosting specialist:
The documents I have attached include HIPAA certification.
Healthcare client:
As far as my understanding, virtual server hosting has some problems with HIPAA’s security rules. Is it safe to put our data into a virtual server?
HIPAA hosting specialist:
We will not issue a BAA based on the use of a Public Cloud / private cloud hosting environment (including our own). That does not mean that you cannot create a Private Virtualized environment by using Private Dedicated Server Hardware containing multiple private cloud servers.
Healthcare client:
What is the price for HIPAA compliant Windows Cloud Hosting? (access from only one location)
HIPAA hosting specialist:
With 1 TB of Self-Encrypted Storage, it is $xxx per month on a 12-month agreement with no setup fee.
Making Strong HIPAA Choices
HIPAA audits are on the rise, with the DHHS reportedly ready to crack down on any violations. Violations and settlements aren’t just expensive and distracting. They can also be a publicity nightmare since any data compromises affecting 500 people or more must be reported to a major media outlet.
Whatever your technical requirements, Atlantic.Net offers the industry-leading HIPAA Compliant hosting solution, audited by a fully qualified and independent third party, among many other service options to support healthcare hosting. We also offer HIPAA webhosting.
By Moazzam Adnan