Being a billing service, we don't have as much to consider as someone in a provider's office, since most billing services are private offices without visitors. Still, you have to make sure you have a HIPAA compliance officer appointed and policies in place if a violation occurs. You also have to make sure your records are secure (locked building, password-protected computers, etc.) and that you have a BAA with anyone who may enter the building (landlord, cleaning service). You have to make sure no papers are left lying around where someone can walk in and see them. Some used locked file cabinets. We have a private building that we own, that is locked when we are not open, so we don't use locked file cabinets. Also, most of our stuff is stored on our hard drive digitally.
With the passing of HITECH Business Associates became responsible for all of the same things a CE is. Whether you are one person or 10, makes no difference. Your Business Associates Agreement is worth nothing without the following to back it up:

- Your named privacy officer
- Your HIPAA privacy and security risk assessment
- Your privacy and security policies and procedures (with updates and change log)
- Log and audit trail for information access
- Evidence of your training or your employee’s training for those policies and procedures
- Evidence that you perform routine and consistent auditing to ensure your policies and procedures are being performed.
- Employee disciplinary plan in place for any HIPAA/HITECH Breaches

There are so many billing companies using standard BA agreements and don't have any of the above to back that agreement up which is basically a promise to have the above. The covered entity has a right at any time to request the above and if there is a breach the above will be requested upon audit.

As for purchasing packages, I agree with Michele, knowing HIPAA gives you a leg up and allows for you to make better choices in how to proceed. Yes there are free tools and articles and guidance on compliance but understanding HIPAA yourself is of the utmost importance.
Yes, as a MB, I understand HIPAA. However, I was not sure which company to use to certify my new business or how to train potential future employees. But the information that was provided was very helpful. I would also like to become certified through PMRNC. Thanks again.