Most business associates have direct accountability to the Health Insurance Portability and Accountability act of 1966(HIPAA). The act was formulated to enhance the responsibility and portability of health insurance cover for employees and health insurance clients. It was also created to combat misuse, fraud, and waste as far as health coverage and healthcare delivery are concerned.
This is important because it ensures that patients (employees in this case) are covered in case of any health risk that may arise regardless of personal biases that arise in-between coverage. It was, therefore, deemed important to have business associates take direct liability under HIPAA to see that employees have safe health coverage. In the piece below, we will look at a few ways in which business associates are directly liable for HIPAA violations. Before that, however, let’s take a look at why HIPAA training is important.
Business Associates need professional training to protect their businesses and themselves from the various risks involved in violating the HIPAA rules. As highlighted on hipaaexams.com, various different personnel in the healthcare industry require HIPAA training. This is especially important for those who fall under the category of business associates. This would include people and entities working in:
- Medical billing
- Medical device manufacturing
- Legal service providers
- Consulting and marketing agencies
- IT service providers
- Cleaning and hospitality
- Medical transcription
- Among others
Failure to Avail Records and Compliance Reports
This also involves failure to cooperate with investigations of complaint and compliance reviews and allow access to the information by the secretary together with protected health information, relevant in the determination of compliance. The details of the health cover should be made available for the people involved to easily acquire them because they own the cover and they have a right to them. Failure to do this, the business associate may encounter severe consequences.
Avenging Someone for Filing a Complaint
Taking any action presumed to be vengeance against any individual or any other person for having a HIPAA complaint filed is prohibited. The same case applies to taking part in vengeance investigations or any enforcement activity that goes against the provisions of HIPAA. An individual can only file a complaint regarding things they have the right to. It is, therefore, not allowed for business associates to take revenge on an individual who had filed the complaint against them because it is that individual’s right to receive appropriate services from the associates.
Failure to follow the HIPAA Security Rule
The HIPAA security rule provides guidelines to be followed by business associates. In summary, it requires that the patient’s healthcare data be protected from all threats and breaches. If in any case, the rules are not followed, the business associates in question are liable to consequences as per the guidelines from HIPAA regarding the actions to be taken against such business associates.
Failure to Make a Breach Notification
Failure to make a notification following the discovery of a breach of unsecured protected health to a covered entity can land a business associate in trouble as provided for by the HIPAA breach notification rule. It is the right of an individual to be notified about any breach of their health cover once it is spotted. If the problem is not corrected, the individual will have a hard time acquiring their health cover. The business associates under whom the individual is, therefore, will be questioned in case anything goes wrong with the health cover of the individual because they should have acted as soon as the breach was noticed.
Use and Disclosure of Protected Health Information (PHI) Without Consent
The protection of every individual’s health information is crucial. The HIPAA act has provisions against this. If, in any case, a business associate is discovered to be using a patient’s information without permission from the individual, drastic disciplinary action should be taken against them.
Failure to Avail the PHI Copy to the Authorized People
This refers to the failure to avail an electronic PHI copy to either the covered individual, or any other person as specified in the agreement with the business associate to meet a covered entity’s responsibility with regards to format and form, time, and method of access. The electronic PHI copy should always be available for those who are rightfully involved based on the agreement with the business associate. Failure to avail the copy is wrong, and the business associates are liable to consequences.
Using the PHI in A Manner That Endangers the Individual
PHI should also be used rightfully with the individual’s safety prioritized. Here it is assumed that business associates will use sound judgment whenever using or disclosing the patient’s health information. The said use of information should not put any party in danger.
Business associates should be careful not to violate any agreement on the HIPAA act. This is because if things go wrong, they could suffer certain unpleasant consequences. The above brief account covers some of the HIPAA violations business associates should be aware of.
Image Source: BigStockPhoto.com (Licensed)