Business Associate Type: Software Vendor
Mandate: Address HIPAA Privacy & Transaction Compliance
Services Provided: Product design consulting, creation of business associate agreements for their customers, revision of their agreement with independent dealers, and partnership to provide HIPAA training to their clients
Results: Appropriate technical, legal, marketing and client service activities were done which provided their clients a smooth transition to compliance with the new HIPAA requirements
Between 2002 and 2004 the HIPAA regulations created major cost, angst, confusion and complexity for the U.S. healthcare sector. As one of the first experts in the HIPAA regulations, Eagle consulted and assisted a medical practice management software vendor navigate the transition into the new HIPAA world. This multi-faceted relationship included education for top management regarding the HIPAA regulations, product design consulting to assist the vendor with new functionality required for HIPAA, risk management assistance through adjustment of its service contracts with clients and a partnership arrangement to deliver HIPAA education services to hundreds of the vendor’s clients. More specifically, the following consulting services were provided:
- HIPAA Privacy and Transactions Compliance. Eagle assisted this vendor with design of new software features to help their clients comply with both HIPAA Privacy and the HIPAA transactions rule. Transactions compliance included the addition of new data elements to satisfy the situational data requirements of their target customer, design suggestions for proper accounting with the ANSI 837 COB (electronic secondary transactions), assessment of CMS activities including the their guidance on “contingency plans”, and product functionality to handle the ANSI 270/271 (eligibility) and ANSI 276/277 (claim status inquiry). For HIPAA Privacy, a number of enhancements were suggested to facilitate the medical practice’s compliance with a number of the HIPAA Privacy provisions.
- Client Training. A series of client training classes were designed, marketed, and conducted to educate clients on their responsibilities for HIPAA Privacy and HIPAA Transactions compliance. The training materials a detailed review of policy and procedure requirements for the clients, a guide to the new data elements mandated by the ANSI 837, screen images of the application program highlighting the new data items, and demonstration of new program functionality for eligibility and claim status inquiry. More than one hundred practices were trained generating $35,000+ revenues for the VAR.
- Legal and Client Relations. Eagle recommended that the vendor proactively offer clients a Business Associate Agreement. Eagle drafted the HIPAA Business Associate agreement and integrated it into the VAR’s software license and support agreement. By offering this agreement to all clients, the vendor was able not only ease the compliance effort for their clients, but also to eliminate the time and effort of reviewing customer-prepared agreements which have proven in many cases to contain onerous and one-sided provisions which go beyond the HIPAA requirements.
As a result of the proactive approach taken by this vendor, appropriate technical, legal, marketing and client service activities were done which provided their clients a smooth transition to compliance with the new HIPAA requirements. All of Eagle Consulting Partners’ service fees were offset from training revenues that they shared from client HIPAA training.