We’ve found that the Business Associates of our healthcare clients (physicians’ practices, hospitals, insurance companies and even government entities) often have not fully complied with their HIPAA obligations to protect sensitive data. This is why we have developed a library of HIPAA policy templates for business associates that make compliance easier than ever.
Examples of HIPAA Violation fines for Business Associates
- In 2012, Accretive Health, a HIPAA Business Associate of North Memorial Healthcare of Minnesota, agreed to a $2.5 million HIPAA settlement with Minnesota Attorney General Lori Swanson. More details on the case are available at Wake-Up Call for Business Associates.
- In June of 2016, Catholic Health Care Services of Philadelphia, a Business Associate which provides management and information technology services to six skilled nursing facilities, agreed to a $650,000 settlement involving multiple violations. Among the issues was the lack of policies regarding mobile devices and what to do in the event of a security incident. The HHS Office of Civil Rights press release regarding the matter contains more details.
What the government mandates: Effective in 2013, HIPAA directly regulates HIPAA Business Associates. Business Associates are obligated to comply with the entire HIPAA Security Rule and Breach Notification Rule and portions of the Privacy Rule. As a starting point, this requires an entire set of written policies and procedures for compliance with both the HIPAA regulations and the provisions of the HIPAA Business Associate Agreement. A listing of the provisions of the HIPAA Business Associate Agreement is available at the HHS.gov site.
Eagle’s HIPAA policy templates for business associates help you meet these government requirements.
HIPAA Policy Templates for Business Associates
Meets Compliance Requirements with Templates Specifically Designed for Your Business
Business processes and workflows vary dramatically. Consider the difference between web hosting vendors, billing services, and data analytics companies. Depending on the nature of the business, some HIPAA standards are relevant and others don’t apply. Eagle has created templates based on its expertise and understanding of the workflows and business processes for several types of organizations that have HIPAA business obligations.
HIPAA Privacy & Security Policy Templates for Information Technology Companies
Finally, a policy template specifically designed to meet the regulatory requirements of Information Technology companies who provide software or services to healthcare organizations…
HIPAA Policies and Procedures for Third Party Administrators (Business Associates)
Are you a “Business Associate” (as defined by HHS) that needs to stay in HIPAA compliance? These policy templates are designed for Third Party Administrators (TPA) who administer health benefit plans…
HIPAA Policies and Procedures for Healthcare Cloud Computing Vendors
Are your customers demanding robust HIPAA compliance? These policy templates are designed specifically for medical cloud computing vendors to comply with your customer’s security questionnaires – which includes…
SAVE 20% (for a limited time) – input this code at checkout: Save-20