If your firm is a health insurance company, HMO, or a company that runs its own health plan (self insured), supports a government program that pays for health care such as Medicare, Medicaid or military then HIPAA and ARRA-HITECH applies to you. Uncertain? You need to take the appropriate steps to determine if you are in compliance!
Clients that qualify as Covered Entities and Business Associates will also look to you for your assurance that you comply with HIPAA and ARRA-HITECH requirements.
HIPAA and ARRA-HITECH applies to both Covered Entities (CE) and their Business Associates (BA). BA’s are entities or people that conduct work on behalf of CE’s and handle (handle = store, process, transmit or destroy) Covered Entity provided Protected Health Information (PHI). Virtually all health care and medical insurers are subject to these regulations.
Consequently, insurers who handle PHI as a result of their relationship with a Covered Entity are considered Business Associates.
Regardless of whether an insurer obtains Protected Health Information (PHI) through a relationship functioning as a Covered Entity or as a Business Associate, that PHI must be provided the same protections as those protections required of a hospital or doctor.
Do you handle PHI? Are you compliant with the Administrative, Physical and Technical provisions of HIPAA as well as the Privacy and Breach notification requirements specified in ARRA-HITECH? Health Compliance Partners Compliance Assessment service is designed to assess your compliance profile, identify gaps, and provide a remediation roadmap to compliance.