A "Business Associate" is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a Covered Entity. The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a Business Associate, if the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a person or entity a Business Associate include payment or health care operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules.
Business associate functions and activities include: claims processing or administration; data analysis, administration, utilization review, quality assurance, billing, benefit management, practice management and repricing. Business associate services are: legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation and financial. See the definition of "Business Associate" in HIPAA 45 CFR 160.103. As a business and network consultant, Farmhouse Networking is bound to healthcare Covered Entities as a Business Associate that bears pre-defined responsibilities according to the Security Rule. Broadly speaking, the Security Rule requires that a Business Associate implement administrative, physical, and technical safeguards. In addition, it imposes other organizational requirements and a need to document processes analogous to the Privacy Rule.
HIPAA Compliance Consultation:
The HIPAA Privacy & Security Rules apply to all healthcare providers, health plans, healthcare clearinghouses, and to any service provider that manages electronic protected health information (ePHI). This applies to organizations in the life sciences field such as medical devices, biotechnology, and pharmaceuticals. Understanding these regulations and how they are to be applied to a practice is a complicated, time-consuming process. Farmhouse Networking will comprehensively evaluate the practice to determine the needed administrative, physical, and technical safeguards to comply with the HIPAA Privacy & Security Rules. Documentation will be created outlining security practices and breach notification regulations with a comprehensive Information Security Policy for the practice after explaining how HIPAA/HITECH/Omnibus Rules will impact your organization. An inventory of the network is done to identify where all current assets reside; deficiencies in network security will then be prioritized so that the necessary cybersecurity measures can be implemented to mitigate risk and achieve HIPAA compliance. Once HIPAA compliance has been achieved, regular meetings will be scheduled to review current policy and maintain the documentation as needed.
Things that are typically addressed during the comprehensive evaluation of compliance & security are:
- Antivirus Software/Virus Protection
- SPAM Filtering/Email Encryption
- Employee Web Traffic Filtering
- Firewall Policies/Network Access Lists
- VPN Connections/Remote Access
- User Accounts/Password Policies
- Data Retention Policies/NAID AAA Certified Information Destruction
- File Access/Audit Logging
- Backup/Recovery Procedures
- Business Associate Compliance Audit
- Information Systems Inventory