5 Ways the New HIPAA Regulations Change How Providers, Collection Partners Work Together

  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

The new HIPAA Omnibus Regulations can be a daunting read, but contained within those 563 pages are extensive changes regarding how healthcare providers and their respective collection agency partners handle patient data.

insidePatientFinance.com has distilled the relevant regulations covering the relationship between providers (“covered entities” in the regulations) and collection partners (“business associates”) into a single 21-page document that you can download here (PDF, registration required):  (You must be logged in to download this file. Don't have an account? Register for free and you'll be returned to this page.)

Below are five changes contained in the regulations that you need to know today:

1. “Business associates,” such as collection agencies, are now as much on the hook for violating patient privacy laws as providers. (See page 92 of the full regulations, which you can find a link from which to download below.)

2. If business associates have subcontractors that come in contact with protected patient data, the business associate will be required to have a business associate agreement with them. Providers, however, will not be required to have business associate agreements with the subcontractors of business associates. (p. 136)

3. The new regulations require potentially extensive changes to current business associate agreements. In light of all the negotiating required to get all these agreements in place, the new regulations provide a grace period of one year — provided that a business associate agreement already exists. (p. 149)

4. The current contractual relationship between business associate and their respective subcontractors will be allowed the one-year grandfathering provision provided that the business associate is compliant with the previous law which requires the business associate ensure that its agents with access to protected health information agree to the same restrictions and conditions that apply to the business associate. (p. 151)

5. The new regulations contain higher penalties for breaches and other violations. What is important to know is that any violation that occurred on or after February 18, 2009, will be subject to the new penalties. (p. 71)

You can download the entire omnibus final rule here (PDF, registration required):  (You must be logged in to download this file. Don't have an account? Register for free and you'll be returned to this page.)

  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

Posted in Medical Receivables, Patient Financial Services, Revenue Integrity .

×
Subscribe to our email newsletters

Continuing the Discussion

We welcome and encourage readers to comment and engage in substantive exchanges over topics on insideARM.com. Users must always follow our Terms of Use. Also know that your comment will be deleted if you: use profanity, engage in any kind of hate speech, post an incoherent or irrelevant thought, make a point of targeting anyone, or do anything else we find unsavory. Your comment will be posted under your current Display Name, shown below. If you'd like to change your Display Name, you must update it on the My Profile page.

Leave a Reply