First Healthcare Compliance CONNECT December 2020

More documents

Recommendations

Info

Q&A: HIPAA Compliance for Business Associates Catherine Short Rachel V. Rose, JD, MBA, presented the webinar “HIPAA Compliance for Business Associates” recently and a recording can be viewed here. Rachel returned to answer many commonly asked questions from the webinar. Are business associates subject to HIPAA penalties? Yes. As stated in both the HITECH Act and the Final Omnibus Rule, 78 Fed. Reg. 5566 (Jan. 25, 2013), business associates, which include subcontractors, can be held directly liable for HIPAA violations. For example, in 2016, a business associate’s failure to safeguard the protected health information of nursing home residents led to a $650,000 monetary penalty being assessed by HHS OCR. (https://www.hhs.gov/ hipaa/for-professionals/compliance-enforcement/agreements/catholic-health-care-services/index.html) If you were to give business associates and subcontractors one item that they need to do annually, what would it be? Annual Risk Analysis because all technical, administrative and physical safeguards would be identified and corrected. Is an indemnification provision required in BAAs? No. In my practice, I see them included quite a bit; however, this particular provision is not a requirement under 45 CFR §164.504(e)(1) or that HHS indicated was preferred. See https://www.hhs.gov/hipaa/forprofessionals/covered-entities/sample-business-associate-agreement-provisions/index.html. 8 First Healthcare Compliance, LLC © 2020
Are class action cases something that should be considered as part of an enterprise risk management program? Yes. The financial, legal, and reputational costs can be great and need to be considered. A good example of a HIPAA data breach which led to both an HHS OCR enforcement action of $16 million and a class action lawsuit settlement in excess of $115 million is Anthem BlueCrossBlueShield. An article that I wrote for Physicians Practice details these issues – https://www.physicianspractice.com/view/class-action-lawsuitscan-result-from-a-protected-health-information-data-breach. Should business associates be familiar with the 21st Century Cures Act, as well as the ONC and CMS Final Rules? Yes. There is an intersection between HHS HIPAA App Guidance and the ONC and CMS Final Rules, in terms of patients accessing their data through apps. Be aware of unsecure apps and stay abreast of the compliance dates. Rachel V. Rose – Attorney at Law, PLLC (Houston, Texas) – represents clients on healthcare, cybersecurity, securities and qui tam matters. She also teaches bioethics at Baylor College of Medicine. She has been consecutively named by Houstonia Magazine as a Top Lawyer (Healthcare) and to the National Women Trial Lawyer’s Top 25. She can be reached at rvrose@rvrose.com. Be sure to look up a recording of this webinar on YouTube and a recording with Rachel on our podcast, 1st Talk Compliance. Take a look at our brand-new book: HIPAA Privacy and Security, and our online compliance training courses such as What is HIPAA?, and HIPAA Business Associate Agreements Under HITECH. And check out Rachel’s other blogs Q&A: HHS Final Rules, Patient Access to PHI & Health Apps Intersect, Recent HHS Guidance Underscores the Importance of HIPAA Compliance and Q&A: HIPAA and Health Apps. The Most Comprehensive Healthcare Compliance Course The Fundamentals is a user-friendly, four-module online course designed to help healthcare professionals understand the essential principles and practices of compliance. BUY COURSE NOW Contact Toll Free: 888-54-FIRST 9
Page 1 and 2: CONNECT December 2020 A Monthly Pub
Page 3 and 4: Compliance Super Ninja Carolyn Kei
Page 5 and 6: Should medical waste or general was
Page 7: Contact Toll Free: 888-54-FIRST 7
Page 11 and 12: COVID-19 Healthcare Compliance Tool
Page 13 and 14: WORD SEARCH P Z O X H T D Y C Q J F

First Healthcare Compliance CONNECT December 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?