• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Practice is liable if contractor discloses patient PHI


HIPAA rules have changed regarding a patient's protected health information. See how this can affect even your practice's contractors.

Q: I’ve heard that new Health Insurance Portability and Accountability Act (HIPAA) rules would make our practice liable if a business we contract with discloses a patient’s protected health information (PHI). Is that true?

A: Yes. In January, the government published a final rule regarding HIPAA that changes the ways medical practices maintain, use, and disclose PHI. The rule makes a medical practice liable for the acts or omissions of its agents, including an employee or a business associate.

As an example, if your billing company-which qualifies as a business associate-improperly uses or discloses PHI, then it will be subject to penalties, as will your practice as the covered entity.

Because you may now be exposed to a business associate’s liability, it is important to make sure that you have a proper agreement addressing the shifting of responsibility or fault in the event of a PHI breach.

Addressing your business associate relationships is one step in updating your practice with proper HIPAA documents that will be required before the September 23 compliance deadline. Other required steps include updating your HIPAA privacy policies, complying with maintenance of electronic PHI, implementing required privacy safeguards, and understanding your new practice obligations.

The author is the healthcare department manager for Kirschenbaum & Kirschenbaum PC in Garden City, New York. Engage with us at www.twitter.com/MedEconomics and www.facebook.com/MedicalEconomics.


Related Videos
© National Institute for Occupational Safety and Health
© drsampsondavis.com