• Revenue Cycle Management
  • COVID-19
  • Diabetes Awareness Month
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Practice is liable if contractor discloses patient PHI


HIPAA rules have changed regarding a patient's protected health information. See how this can affect even your practice's contractors.

Q: I’ve heard that new Health Insurance Portability and Accountability Act (HIPAA) rules would make our practice liable if a business we contract with discloses a patient’s protected health information (PHI). Is that true?

A: Yes. In January, the government published a final rule regarding HIPAA that changes the ways medical practices maintain, use, and disclose PHI. The rule makes a medical practice liable for the acts or omissions of its agents, including an employee or a business associate.

As an example, if your billing company-which qualifies as a business associate-improperly uses or discloses PHI, then it will be subject to penalties, as will your practice as the covered entity.

Because you may now be exposed to a business associate’s liability, it is important to make sure that you have a proper agreement addressing the shifting of responsibility or fault in the event of a PHI breach.

Addressing your business associate relationships is one step in updating your practice with proper HIPAA documents that will be required before the September 23 compliance deadline. Other required steps include updating your HIPAA privacy policies, complying with maintenance of electronic PHI, implementing required privacy safeguards, and understanding your new practice obligations.

The author is the healthcare department manager for Kirschenbaum & Kirschenbaum PC in Garden City, New York. Engage with us at www.twitter.com/MedEconomics and www.facebook.com/MedicalEconomics.


Related Videos
Robert E. Oshel, PhD
Gary Price, MD, MBA
Victor J. Dzau, MD, gives expert advice
Ron Holder, MHA, gives expert advice
remote patient monitoring
no shows
effective meetings
© 2023 MJH Life Sciences

All rights reserved.