The trusted source for
healthcare information and
HIPAA Regulatory Alert: Company develops business associate agreement
Template created to fulfill HIPAA requirements
One of the nation’s leading medical messaging services has taken the lead in developing a sound business associate agreement to present to its clients to fulfill HIPAA requirements.
Long Island, NY-based MEDFONE Inc., which works strictly for health care clients such as group practices, individual physicians, and insurance companies, offering them medical messaging services such as an answering service, telemarketing sales, and inbound and outbound call center activities, drew up a proposed business associate agreement template once president Jay Moses realized how much work would be involved in reviewing the wide variety of agreements being received from clients.
"We process 10,000 calls a day for more than 800 clients nationwide," Moses tells HIPAA Regulatory Alert. "Many of these calls deal with patient health information. We were already very security conscious, but we had to upgrade our technology platform to ensure that all calls are encrypted, safe, and password-protected. And we’ve trained all of our agents in what it means to be HIPAA-compliant."
Moses tells us that by the time he had received 200 business associate agreements from customers, he realized that HIPAA was going to be a huge undertaking for his organization, and also that many of his clients really did not have a good understanding of what HIPAA meant.
As a result, Moses turned to his company’s outside law firm to draft a business associate agreement that he could send to clients on his own initiative. While it was a voluntary service he offered, many of the clients went ahead and used them, he says, freeing time for him and his law firm because he knows that when one of his agreements comes back, it will be acceptable without extensive review.
Moses says that MEDFONE, which recently won an award of excellence from Customer Interactive Solutions magazine, has never had a confidentiality problem in the 25 years in which it has been in business. "It’s in the nature of our business that we already had many safeguards in place," he says. "But we still had to go to some very expensive changes to be sure that we would meet all requirements for our clients."
Moses says that because MEDFONE is required to store files for no less than six years, he had to upgrade storage devices, using a combination of on-site and off-site storage.
Asked his assessment of HIPAA readiness in health care covered entities based on contacts made with him, Moses expressed concern that HIPAA may still be an unknown entity for many organizations. "We still don’t know what the repercussions will be if an issue arises," he says. "There are no HIPAA police out there and no legal precedents. Some people say HIPAA is like Y2K — lots of hype and not much else. We’ll know more in October. We need to be able to handle the encryption keys that our clients need us to use. Because there’s no standardization — and, really, standardization is almost contrary to what HIPAA is trying to accomplish — we’re going to have to be able to deal with many different encryption systems. It’s important for our clients to know that they can work with us and we’ve done our due diligence. We don’t want any of our clients or ourselves to be liable if an issue arises."
Moses says it’s important that people realize HIPAA came about out of a desire for the financial savings for Medicare that can come from processing data in a consistent format. Health care organizations have to realize that there is a tremendous liability with penalties that can be severe, he says. He indicates that MEDFONE realizes that providers want to practice medicine and not worry excessively about administrative things, and that’s why his company’s role is to free clients as much as possible to concentrate on providing care.
For more information, contact Moses at (516) 679-7629.