Health Information Compliance Alert

Published on Wed Jul 10, 2013 PDF

Don’t be afraid to ask the BA to promise future capabilities.

With so many new and changing HIPAA regulations lately, your relationship with your system vendor business associate (BA) is more crucial than ever before. Here are four questions that you need to ask your system vendor BA, courtesy of Jim Sheldon-Dean, director of compliance services for Charlotte, VT-based Lewis Creek Systems, LLC.

1. Can the system provide access to protected health information (PHI) in the DRS for individuals? Make sure your vendor can provide a way to offer paper and electronic copies of patients’ PHI. Although the BA may actually produce the copies, you as the covered entity (CE) must always process the request.

2. Can the system properly restrict disclosures to insurers if requested? Under the new rules, patients can ask that you not report services to their insurer if they pay for those services out-of-pocket. But most basic billing systems are incapable of easily concealing such services from insurers.

Ensure that your vendor has some way to prevent these disclosures to insurers, because you must honor this request from individuals.

3. Does your BA agreement (BAA) with the vendor supplying your systems comply with the new rules? Do you have a proper BAA in place? Does the agreement meet all the proper specifications, and have you updated it accordingly? And does your BAA with the vendor supplying your systems require the vendor to provide the abilities you need to meet the new requirements?

4. Will your systems be able to handle the upcoming changes to the accounting of disclosures? And is your BA going to give you the capabilities you’ll need in the future to be in compliance? “You need to make sure your contract specifies the vendor is going to do what they can to help you be in compliance,” Sheldon-Dean stresses. Of course, the vendor will likely resist “because they don’t know what the regulations are going to be.”