HIPAA-Compliance Audits to Target Medical Service Partners

With implementation of the HIPAA Omnibus Rule, the government is already gearing up for the 2014 launch of an aggressive HIPAA auditing campaign. The Department of Health and Human Services Office of Civil Rights (OCR), which is tasked with managing the audit program, has promised an aggressive roll-out that will target both medical providers and their service partners and business associates, including medical answering services and medical call centers. In fact, according to healthcare legal specialists, medical practice business associates (BAs) are expected to be prime audit targets.

OCR said they plan on targeting BAs because OCR believes that BAs have more compliance problems and are at risk for more breaches than they should be, Dianne Bourque, a healthcare legal specialist at Mintz Levin, recently told HealthITSecurity.com. Her comments were made during a Health IT Security webcast which provides an eye-opening view of the exposure medical practices could suffer by continuing to use service providers that do not comply with HIPAA regulations.

Medical practice managers may be surprised by how far downstream their HIPAA-compliance liability could run. As Bourque points out, new regulations require medical practices to protect patient information at every level of access and processing, including not only direct contracts with primary service providers but also services subcontracted to others by primary providers.

The threat of stiff penalties with fines pegged to level of negligence – up to $1.5 million per violation — should have healthcare managers reviewing service contracts and taking steps now to guarantee HIPAA compliance. If your medical call center fails the HIPAA-compliance test, click here to find out about MedConnectUSA’s HIPAA Hitech secure messaging.