Author Topic: HIPAA and BA Agreement  (Read 1332 times)

Marie_w01

  • Newbie
  • *
  • Posts: 13
HIPAA and BA Agreement
« on: October 03, 2019, 10:06:30 PM »
Hello,
I am in the process of starting a new Medical Billing Business.  :) I would like to know which company do you recommend using for your HIPAA training/BA Agreement? I have done some research online and there are certain companies that sell HIPAA Compliance Packages, is this recommended?
Example:
2019 Hippa Compliance By: HIPPA Made Easy on Amazon

Thanks in advance
« Last Edit: October 03, 2019, 10:13:24 PM by Marie_w01 »

Michele

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 5584
    • Solutions Medical Billing
Re: HIPAA and BA Agreement
« Reply #1 on: October 04, 2019, 07:01:26 AM »
If you know HIPAA and understand all of the rules it's not necessary to purchase a package.  I can't really recommend any because I've never seen any.  There is so much (free) information out there about HIPAA. We had been in business before HIPAA was passed so for us we learned as it was rolled out.  Also, many insurance carriers offered free information and training, so we didn't need to buy any packages. 

It is important that you as a billing service protect any PHI you have.  Being a billing service we don't have as much to consider as someone in a provider's office since most billing services are private offices without visitors.  Still you have to make sure you have a HIPAA compliance officer appointed and policies in place if a violation occurs.  You also have to make sure your records are secure (locked building, password protected computers, etc) and that you have a BAA with anyone who may enter the building (landlord, cleaning service).  You have to make sure no papers are left lying around where someone can walk in and see them.  Some used locked file cabinets.  We have a private building that we own, that is locked when we are not open so we don't use locked file cabinets.  Also, most of our stuff is stored on our hard drive digitally. 

If you are not familiar with HIPAA you definitely need to make sure you understand it, but I just can't recommend any particular package.  Since I have not seen these packages it's hard for me to comment but I personally wouldn't pay several hundred dollars for a "HIPPA package".  I would start by googling for some free information and see if I still felt I needed to pay for something after. 

BA agreement samples are available online as well.  BA agreements are pretty standard and samples can be used to create one.  (I would not use a sample contract though.)

Hope this helps.
Sign Up for our FREE Medical Billing Newsletter
Get a 10% discount on Medical Billing Products by using Coupon Code: 10OFF
http://www.solutions-medical-billing.com

PMRNC

  • Hero Member
  • *****
  • Posts: 4562
    • One Stop Resources & Networking for Medical Billers
Re: HIPAA and BA Agreement
« Reply #2 on: October 04, 2019, 07:57:21 AM »
Quote
Being a billing service we don't have as much to consider as someone in a provider's office since most billing services are private offices without visitors.  Still you have to make sure you have a HIPAA compliance officer appointed and policies in place if a violation occurs.  You also have to make sure your records are secure (locked building, password protected computers, etc) and that you have a BAA with anyone who may enter the building (landlord, cleaning service).  You have to make sure no papers are left lying around where someone can walk in and see them.  Some used locked file cabinets.  We have a private building that we own, that is locked when we are not open so we don't use locked file cabinets.  Also, most of our stuff is stored on our hard drive digitally. 

With the passing of HITECH, Business Associates became responsible for all of the same things a CE is.


Whether you are one person or 10, makes no difference. Your Business Associates Agreement is worth nothing without the following to back it up:


Your named privacy officer
Your HIPAA privacy and security risk assessment
Your privacy and security policies and procedures (with updates and change log)
Log and audit trail for information access
Evidence of your training or your employee’s training for those policies and procedures
Evidence that you perform routine and consistent auditing to ensure your policies and procedures are being performed.
Employee disciplinary plan in place for any HIPAA/HITECH Breaches

There are so many billing companies that use standard BA agreements and don't have any of the above to back that agreement up, which is basically a promise to have the above. The covered entity has a right at any time to request the above, and if there is a breach the above will be requested upon audit.

As for purchasing packages, I agree with Michele, knowing HIPAA gives you a leg up and allows for you to make better choices in how to proceed. Yes there are free tools and articles and guidance on compliance but understanding HIPAA yourself is of the utmost importance.


Linda Walker
Practice Managers Resource & Networking Community
One Stop Resources, Education and Networking for Medical Billers
www.billerswebsite.com

Marie_w01

Re: HIPAA and BA Agreement
« Reply #3 on: October 04, 2019, 05:49:42 PM »
Yes, as an MB, I understand HIPAA. However, I was not sure which company to use to certify my new business or how to train potential future employees. But the information that was provided was very helpful. I would also like to become certified through PMRNC. Thanks again  :)

Michele

Re: HIPAA and BA Agreement
« Reply #4 on: October 07, 2019, 07:19:28 AM »

Quote
With the passing of HITECH, Business Associates became responsible for all of the same things a CE is.


Whether you are one person or 10, makes no difference. Your Business Associates Agreement is worth nothing without the following to back it up:


Your named privacy officer
Your HIPAA privacy and security risk assessment
Your privacy and security policies and procedures (with updates and change log)
Log and audit trail for information access
Evidence of your training or your employee’s training for those policies and procedures
Evidence that you perform routine and consistent auditing to ensure your policies and procedures are being performed.
Employee disciplinary plan in place for any HIPAA/HITECH Breaches

There are so many billing companies that use standard BA agreements and don't have any of the above to back that agreement up, which is basically a promise to have the above. The covered entity has a right at any time to request the above, and if there is a breach the above will be requested upon audit.

As for purchasing packages, I agree with Michele, knowing HIPAA gives you a leg up and allows for you to make better choices in how to proceed. Yes there are free tools and articles and guidance on compliance but understanding HIPAA yourself is of the utmost importance.




Linda is right, I did not mean to imply that a billing service is not just as responsible as a medical office.  I just meant that most billing offices are private and don't have any public traffic which makes compliance easier than a medical office where the staff gets up and walks away from their desk, or patients can overhear conversations, or papers are lying around where patients/families have access.  IMO there is so much more to consider when you are in a medical office, but it is still equally as important.   ;D

PMRNC

Re: HIPAA and BA Agreement
« Reply #5 on: October 07, 2019, 10:03:49 AM »
Quote
Yes, as an MB, I understand HIPAA. However, I was not sure which company to use to certify my new business or how to train potential future employees. But the information that was provided was very helpful. I would also like to become certified through PMRNC. Thanks again  :)

Our CHIS (Certified HIPAA Information Specialists) certification certifies the business owner or employee; it's not a certification that your business is HIPAA certified, as no such guarantee exists. You can learn more about this certification on our website at www.billerswebsite.com