In: Nursing
Create a list of 3 businesses (other than the example below) that a hospital, physician's office, nursing home, or other healthcare organization would contract with that would be considered business associates under HIPAA. For each business associate, please indicate at least one issue that would need special attention and how would the healthcare organization would ensure that PHI was being safeguarded?
Example:
A hospital may choose to contract with a technology recycling
company to take care of the disposal of all of its tech items such
as computers, printers, and monitors. One special issue that should
be noted in the contract is that for any items that contain a hard
drive such as desktops, laptops, and some printers, the hard drive
must be removed from the device and destroyed using a pneumatic
hard drive crusher. In order to ensure that this is done, the
hospital could specify that the destruction of the hard drives be
done onsite.
Examples Business Associates under HIPAA are as follows:
· A third-party administrator.
The TPAs assists a health plan with claims processing and act as a mediator between insurance company and patient. For the processing of the insurance, all relevant PHI must be shared with the TPAs. TPAs should have entered into a legal contract with the insurance company not to trade information and records of its business required to maintain the confidentiality of the health information obtained
· An independent medical transcriptionist that provides transcription services to a physician.
Breach of confidentiality is a potential problem in independent medical transcriptionist that provides transcription services to a physician. Notice of Proposed Rulemaking (NPRM) that expands the definition of the business associate under HIPAA to include subcontractors which include medical transcriptionist independent contractors (ICs) who work for MTSOs. It makes the medical transcriptionist ICs directly liable to the federal government for failure to comply with HIPAA regulations.
· A pharmacy benefits manager that manages a health plan’s pharmacist network.
A signed authorization from patients prior to service must be
obtained, allowing the pharmacies and hospitals to access to use
their PHI during their care during the course of business. Use of
protected patient information beyond the business will lead to
serious actions as per HIPAA rules.
The Privacy Rule demands that a HIPAA disclosure authorization
contains either an expiration date or event that relates to the
individual or the purpose of the use or disclosure. The
authorization obtained from the patient remains valid until its
expiration date or event unless effectively revoked in writing by
the individual before that date or event.