How to Manage the HIPAA Business Associate Process + HIPAA Business Associate Compliance and Dangers – Recorded Webinar (Combo)

How to Manage the HIPAA Business Associate Process

If you are a healthcare organization that has vendors providing services as a HIPAA Business Associate, managing this process can be confusing. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity healthcare provider.

Having a systematic process to handle these business relationships to ensure a healthcare organization’s protected health information is being properly accessed and protected by the business associate is critical.

Organizations must know how to identify business associates. Business associate functions and activities include the use of tracking technologies, claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; and practice management. Business associate services are legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.

Webinar Objectives

• How to determine if a vendor is a HIPAA Business Associate.
• How to assess a vendor in determining compliance with HIPAA requirements.
• Understanding the Business Associate Agreement (BAA) process and making sure all government mandated requirements are in place.
• I like this vendor, but…..
• Focus on tracking technologies and third-party vendors.
• What if a Business Associate causes a breach of your organization’s data.
• Review case examples of HIPAA breaches.
• What are the penalties and fines for non-compliance and how to avoid them?
• Q&A

Webinar Highlights

• Learn from an expert who has served as a HIPAA Compliance Officer in a large organization.
• Learn how to manage the Business Associate process.
• Learn how to develop and use a Vendor Security Questionnaire.
• Learn how to audit your Business Associates.

Who Should Attend

• Compliance Officer
• HIPAA Privacy Officer
• HIPAA Security Officer
• Medical/Dental Office Managers
• Practice Managers
• Information Systems Manager
• Chief Information Officer
• General Counsel/lawyer
• Practice Management Consultants
• Any Business Associates that access protected health information

HIPAA Business Associate Compliance and Dangers

This webinar is for HIPAA Covered Entities (CEs) and Business Associates (BAs). Criminals increasingly focus cyber-attacks on BAs because one hit can give them access to PHI of all the BA’s customers. Growth of serious BA PHI breaches affecting tens of millions of patients put the spotlight on BA HIPAA compliance, attracting HHS Office for Civil Rights investigations and aggressive private class action lawsuits filed within days of a breach targeting BAs and their CE customers. CEs that did nothing wrong can still be held liable to pay the same civil money penalty as their BA for the BA’s HIPAA violation under the Federal Common Law of Agency which is included in the HIPAA Enforcement Rule.
Simple steps, often overlooked but easy to follow, enable CEs and BAs to protect against costs and damage to their reputations caused by violations of HIPAA Rules that apply to BAs. The chain of HIPAA compliance starts with a CE. It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.

• CEs must obtain “satisfactory assurances” from each BA, documented in writing, that the BA complies with HIPAA before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on their behalf.
• BAs must obtain “satisfactory assurances” from each Subcontractor BA, documented in writing, that the Subcontractor BA complies with HIPAA before permitting the Subcontractor BA to perform services involving PHI.

This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs. HIPAA Rules that apply to both are easy to follow, step-by-step, when you know the steps.

HIPAA Rules that apply to CEs in dealing with BAs and that BAs must follow are discussed and explained including:

• Serious Business Associate HIPAA Violations
  Brief review of current OCR BA Enforcement and Class Action lawsuits based on BA HIPAA violations
• Explanation of how HIPAA Rules apply to BAs
  • Security, Privacy and Breach Notification Rules
• Business Associate Agreements and the key Agency Issue – Don’t make your BA or Subcontractor BA your legal agent by mistake like many do
• CE Due Diligence for BAs and BA Due Diligence for Subcontractor BAs
• Who’s in Charge? – Responsibility & Authority – Responsibility of Senior Management and Owners – Delegation of Authority for development and implementation of a BA HIPAA compliance program

Why You Should Attend This Webinar

CEs can find themselves fully liable for HIPAA violations committed by BAs and BAs for violations committed by Subcontractors under the little known Federal Common Law of Agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules that are easy to follow, step-by-step.
CEs should attend to see what to look for in Due Diligence, how to obtain HIPAA required satisfactory assurances that a BA is complying with HIPAA and avoid liability by inadvertently making a BA their agent.
BAs should attend this webinar to see exactly what they must do to comply with HIPAA Rules – Security, Privacy and Breach Notification Rules. And what to look for in Due Diligence and how to obtain HIPAA required satisfactory assurances that a Subcontractor BA is complying with HIPAA while avoiding liability by inadvertently making a Subcontractor BA their agent

Who Should Attend This Webinar

Covered Entities of all types who disclose PHI to BAs and allow BAs to create, receive, maintain and transmit PHI on their behalf
Business Associates of all types including for example:

• Billing and Coding companies
• Practice Management Companies
• IT Vendors
• Data Storage firms (electronic and paper)
• Secure and unsecure providers of PHI email and text message services
• Vendors of patient satisfaction surveys
• PHI record retrieval and release of information vendors
• Law and Accounting Firms
• Health Plan Third Party Administrators
• CE Owner – CEO – COO Compliance Manager
• Board of Directors – for profit and non-profit CEs
• Healthcare Practice Manager
• Administrator, Long Term Care Facility
• BA Owner – CEO – COO
• Security and Privacy Officers
• Compliance, Information Security and Risk Management Directors
• Business Manager
• Attorney – General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney