The Health Insurance Portability and Accountability Act (HIPAA) applies to HIPAA covered entities and their business associates, but what are covered entities under HIPAA, and what kinds of businesses are classified as business associates?
Covered Entities Under HIPAA
Covered entities under HIPAA are persons or organizations that transmit protected health information in connection with transactions for which the Department of Health and Human Services has adopted standards (see 45 CFR 160.103).
Those transactions include the transmission of healthcare claims, payment and remittance advice, healthcare claim status, coordination of benefits, enrollment and disenrollment, eligibility checks, healthcare electronic funds transfers, and referral certification and authorization.
Covered entities under HIPAA include healthcare providers, health plans, and healthcare clearinghouses. Health plans include military and veterans' health programs, government programs that pay for healthcare (Medicare, for instance), health maintenance organizations, and health insurance companies.
Healthcare clearinghouses are organizations that process nonstandard health information and convert the data into formats that conform to the standards defined in the HIPAA Administrative Simplification regulations.
Healthcare providers include home health agencies, pharmacies, nursing homes, chiropractors, dentists, psychologists, physicians, clinics, hospitals, and other providers of healthcare that transmit health information electronically.
HIPAA also applies to business associates of HIPAA covered entities, as well as to their subcontractors.
What Is a Business Associate?
A business associate is a person or company that provides services to a HIPAA covered entity and, in doing so, needs to access, use, store or transmit protected health information. The list of business associates is long, and the range of companies that fall under the definition of a business associate is wide.
Business associates of HIPAA covered entities include collection agencies, claims processors, pharmacy benefit managers, CPA firms, attorneys, consultants, EHR providers, data storage companies (for electronic as well as physical records), cloud service providers, transcriptionists, billing companies, third-party administrators, and medical device manufacturers.
Before a business associate is given PHI or access to systems containing PHI, it must enter into a HIPAA-compliant business associate agreement (BAA) with the covered entity. A BAA is a contract that sets out the business associate's obligations with respect to HIPAA and PHI.
Penalties for Noncompliance with the HIPAA Rules
Covered entities under HIPAA, as well as any business associate that has signed a BAA with a covered entity, must comply with the HIPAA Rules. Failure to comply with any part of HIPAA can result in financial penalties. The maximum fine for a HIPAA violation is $50,000 per violation, up to a maximum of $1.5 million per violation category, per year.
If HIPAA violations have been allowed to persist for many years, or if several violations of the HIPAA Rules are discovered, multi-million-dollar penalties are possible. Criminal fines are also possible for certain HIPAA violations.