Part B Insider (Multispecialty) Coding Alert
Are You Breach Bound?
PDF
A HIPAA-compliant BAA will help you avoid breach burn.
Unauthorized access and disclosure land many a practice in hot water annually. Oftentimes, this type of breach cannot be controlled by physicians and their certified staff, who diligently follow HIPAA protocols to the letter. Unfortunately, despite these providers’ efforts to stay compliant, the errors can usually be traced to business associates, who either fail to acknowledge the rules or are unaware of them. Ensuring that your business associate agreements (BAAs) are enforced can help you avoid issues down the road.
Who’s to blame?
“There is really no reason why a provider shouldn’t have BAAs in place in 2016,” says Michael D. Bossenbroek, Esq. of Wachler & Associates, P.C. in Royal Oak, Michigan. Though an occasional infraction might slip by now and then, setting up a firm BAA will likely help you dodge this common breach. The BAA helps enforce the principles of HIPAA, and partners who refuse to enter into this type of contract probably aren’t worth your time.
“Providers need to give careful thought to identifying their business associates and making sure that they have a HIPAA-compliant BAA in place with those business associates,” Bossenbroek says. “Providers aren’t necessarily responsible for the actions of their business associates, but a failure to execute a BAA is an easy way to get pulled into a business associate’s breach or failure to comply with HIPAA.”
Consider This
A strong BAA should be a top priority with clearly defined procedures and policies, suggests a recent report from the OCR on HIPAA cybersecurity, which also highlights the difficulties “covered entities” continue to have with the loss of PHI in their relationships with ill-advised business associates.
“I am aware of at least two recent settlements announced by OCR (North Memorial Health Care of Minnesota/$1.55 million and Raleigh Orthopaedic Clinic, P.A./$750,000) where OCR’s investigation revealed the providers did not have a business associate agreement in place with a business associate, and this was a big point emphasized by OCR in both cases,” Bossenbroek says. “My advice is that providers need to take the business associate relationship seriously.”
Resource: For more information on the OCR cybersecurity update, visit https://nysdental.org/blog/ocr-issues-hipaa-cybersecurity-update.
Related Articles
Part B Insider (Multispecialty) Coding Alert
- E/M Services:
CMS: You Needn't Hold Transitional Care Management Claims for 30 Days
Date of face-to-face service can now be your DOS. Tracking your practice’s transitional care management [...] - Compliance:
3 Common HIPAA Breaches -And How to Avoid Them
As the OCR’s Audit Phase 2 looms large, watch your practice’s loopholes for these common [...] - Are You Breach Bound?
A HIPAA-compliant BAA will help you avoid breach burn. Unauthorized access and disclosure land many [...] - Part B Coding Coach:
Focus on These Updates to ICD-10 Codes for Eye Care Specialists
Here’s a closer look at your coding options in Ophthalmology. New and expanded diagnosis codes [...] - Physician Notes:
Review Your Data Before Open Payments Go Live on May 15
Plus: Chiropractor charged with laundering health care payments. As the 45-day window closes on May [...]