Many businesses associated with healthcare companies must now meet HIPAA regulations, after a 2013 amendment greatly increased the number of businesses covered by the law.
The Health Insurance Portability and Accountability Act, or HIPAA, has long subjected health insurance companies to audits ensuring compliance with national standards for the privacy of protected health information, the security of protected health information and breach notification to consumers, according to the Department of Health and Human Services website.
But now many businesses must meet these national standards. The Tennessean reports that “if you or your organization creates, receives or transmits protected health information required for you to perform services, you may be required to protect that information in the same way that a health provider would.”
Protected health information, or PHI, is any medical record or bill that could be used to identify a patient, and any business that prints, copies or stores PHI at its facility is at risk of an audit to ensure compliance with HIPAA. Companies should understand their obligations under HIPAA to avoid fines that the Tennessean reported could be hundreds of thousands of dollars.
The Department of Health and Human Services’ Office for Civil Rights (HHS OCR) enforces the HIPAA rules with audits that monitor the processes, controls and policies of selected companies. The OCR then writes a report to determine “what types of corrective actions are most effective.”
HIPAA requires healthcare companies and their business associates to clearly define responsibilities with a formal agreement, and the Tennessean suggests that businesses refine their agreement. Business associates might also perform an
HIPAA compliance will be the OCR’s “main priority this year,” and HHS reports that the audits will select “as wide a range of types and sizes of covered entities as possible,” so everyone is eligible.