How to Manage the HIPAA Business Associate Process

How to Manage the HIPAA Business Associate Process

If you are a healthcare organization that has vendors providing services as a HIPAA Business Associate, managing this process can be confusing. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity healthcare provider.

Having a systematic process to handle these business relationships to ensure a healthcare organization’s protected health information is being properly accessed and protected by the business associate is critical.

Organizations must know how to identify business associates. Business associate functions and activities include the use of tracking technologies, claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; and practice management. Business associate services are legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.

Webinar Objectives

  • How to determine if a vendor is a HIPAA Business Associate.
  • How to assess a vendor in determining compliance with HIPAA requirements.
  • Understanding the Business Associate Agreement (BAA) process and making sure all government mandated requirements are in place.
  • I like this vendor, but…..
  • Focus on tracking technologies and third-party vendors.
  • What if a Business Associate causes a breach of your organization’s data.
  • Review case examples of HIPAA breaches.
  • What are the penalties and fines for non-compliance and how to avoid them?
  • Q&A

Webinar Highlights

  • Learn from an expert who has served as a HIPAA Compliance Officer in a large organization.
  • Learn how to manage the Business Associate process.
  • Learn how to develop and use a Vendor Security Questionnaire.
  • Learn how to audit your Business Associates.

Who Should Attend

  • Compliance Officer
  • HIPAA Privacy Officer
  • HIPAA Security Officer
  • Medical/Dental Office Managers
  • Practice Managers
  • Information Systems Manager
  • Chief Information Officer
  • General Counsel/lawyer
  • Practice Management Consultants
  • Any Business Associates that access protected health information

 

HIPAA Business Associate Compliance and Dangers

HIPAA Business Associate Compliance and Dangers

This webinar is for HIPAA Covered Entities (CEs) and Business Associates (BAs). Criminals increasingly focus cyber-attacks on BAs because one hit can give them access to PHI of all the BA’s customers. Growth of serious BA PHI breaches affecting tens of millions of patients put the spotlight on BA HIPAA compliance, attracting HHS Office for Civil Rights investigations and aggressive private class action lawsuits filed within days of a breach targeting BAs and their CE customers. CEs that did nothing wrong can still be held liable to pay the same civil money penalty as their BA for the BA’s HIPAA violation under the Federal Common Law of Agency which is included in the HIPAA Enforcement Rule.
Simple steps, often overlooked but easy to follow, enable CEs and BAs to protect against costs and damage to their reputations caused by violations of HIPAA Rules that apply to BAs. The chain of HIPAA compliance starts with a CE. It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.

  • CEs must obtain “satisfactory assurances” from each BA, documented in writing, that the BA complies with HIPAA before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on their behalf.
  • BAs must obtain “satisfactory assurances” from each Subcontractor BA, documented in writing, that the Subcontractor BA complies with HIPAA before permitting the Subcontractor BA to perform services involving PHI.

This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs. HIPAA Rules that apply to both are easy to follow, step-by-step, when you know the steps.

HIPAA Rules that apply to CEs in dealing with BAs and that BAs must follow are discussed and explained including:

  • Serious Business Associate HIPAA Violations
    Brief review of current OCR BA Enforcement and Class Action lawsuits based on BA HIPAA violations
  • Explanation of how HIPAA Rules apply to BAs
    • Security, Privacy and Breach Notification Rules
  • Business Associate Agreements and the key Agency Issue – Don’t make your BA or Subcontractor BA your legal agent by mistake like many do
  • CE Due Diligence for BAs and BA Due Diligence for Subcontractor BAs
  • Who’s in Charge? – Responsibility & Authority – Responsibility of Senior Management and Owners – Delegation of Authority for development and implementation of a BA HIPAA compliance program

Why You Should Attend This Webinar

CEs can find themselves fully liable for HIPAA violations committed by BAs and BAs for violations committed by Subcontractors under the little known Federal Common Law of Agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules that are easy to follow, step-by-step.
CEs should attend to see what to look for in Due Diligence, how to obtain HIPAA required satisfactory assurances that a BA is complying with HIPAA and avoid liability by inadvertently making a BA their agent.
BAs should attend this webinar to see exactly what they must do to comply with HIPAA Rules – Security, Privacy and Breach Notification Rules. And what to look for in Due Diligence and how to obtain HIPAA required satisfactory assurances that a Subcontractor BA is complying with HIPAA while avoiding liability by inadvertently making a Subcontractor BA their agent

Who Should Attend This Webinar

Covered Entities of all types who disclose PHI to BAs and allow BAs to create, receive, maintain and transmit PHI on their behalf
Business Associates of all types including for example:

  • Billing and Coding companies
  • Practice Management Companies
  • IT Vendors
  • Data Storage firms (electronic and paper)
  • Secure and unsecure providers of PHI email and text message services
  • Vendors of patient satisfaction surveys
  • PHI record retrieval and release of information vendors
  • Law and Accounting Firms
  • Health Plan Third Party Administrators
  • CE Owner – CEO – COO Compliance Manager
  • Board of Directors – for profit and non-profit CEs
  • Healthcare Practice Manager
  • Administrator, Long Term Care Facility
  • BA Owner – CEO – COO
  • Security and Privacy Officers
  • Compliance, Information Security and Risk Management Directors
  • Business Manager
  • Attorney – General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney

Venue: Recorded Webinar

Enrollment option

Related Events

Emergency Services, Staffing and Responsibilities, Provision of Services, Emergency Procedures and EMTALA
Compliance Webinars
Live Webinar

Emergency Services, Staffing and Responsibilities, Provision of Services, Emergency Procedures and EMTALA

Critical Access Hospitals (CAHs) must comply with the Centers for Medicare & Medicaid Services’ Conditions of Participation located in Appendix W in the manual. This eight-part webinar series will cover the CAH CoP manual. There were changes and new regulations for CAHs in 2020, including a change to all the tag numbers, some which do not include Interpretive Guidelines or Survey Procedures. Changes include infection prevention and control and antibiotic stewardship, QAPI and Swing Bed changes. This seminar will help CAHs comply with specific CoP problem areas, such as nursing care plans, necessary policies and procedures, medication administration and drug storage, and informed consent to name a few.   Part Two of Eight: Emergency Services, Staffing and Responsibilities, Provision of Services, Emergency Procedures and EMTALA Objectives Describe staffing requirements and supervision Recall the required14 emergency department written policies that must be present Describe that CMS has a list of emergency drugs and equipment every CAH must have Recall that a CAH must comply with EMTALA requirements Emergency Services 14 Emergency department policies ED staffing Equipment, Supplies, and Medication Blood and Blood Products Staffing/Personnel Coordination with Emergency Response Systems Staffing and Responsibilities Staffing and responsibilities Physician supervision Transfer of patient Patient admissions Provision of Services Patient care policies Scope of services Emergency medical services Medical management Diagnostic and therapeutic services Supplies Outpatient services Outpatient director Inpatient services Census and Ensuring compliance EMTALA Physician lists Central log Medical Screening examination Admit or transfer Appendix and Resources

Governing Board, Agreements and Contracted Services, QAPI, Discharge Planning
Compliance Webinars
Live Webinar

Governing Board, Agreements and Contracted Services, QAPI, Discharge Planning

Critical Access Hospitals (CAHs) must comply with the Centers for Medicare & Medicaid Services’ Conditions of Participation located in Appendix W in the manual. This eight-part webinar series will cover the CAH CoP manual. There were changes and new regulations for CAHs in 2020, including a change to all the tag numbers, some which do not include Interpretive Guidelines or Survey Procedures. Changes include infection prevention and control and antibiotic stewardship, QAPI and Swing Bed changes. This seminar will help CAHs comply with specific CoP problem areas, such as nursing care plans, necessary policies and procedures, medication administration and drug storage, and informed consent to name a few.   Part Four of Eight: Governing Board, Agreements and Contracted Services, QAPI, Discharge Planning Objectives Describe that CMS requires the Board enter into a written agreement for telemedicine services Describe requirements for contract management for a CAH Describe the essential elements of a QAPI program and Board responsibilities Recall the requirement for when a discharge evaluation must be completed Organizational Structure and Governing Body/Individual Governing body/Individual’s responsibilities Appointment to medical staff Telemedicine services and requirements Required disclosures Agreements and Contracted Services Agreement with providers or suppliers Lab and diagnostic services Food services Quality Assurance Performance Improvement - QAPI Changes to the QAPI program Requirements of a QAPI program QAPI standards Data collection and analysis Reference: Standards and guidelines for Acute hospitals Discharge Planning Need for effective discharge planning process Discharge evaluation and plan Review of discharge planning process Requirement to assist in PAC selection Appendix and Resources

Excel Meets AI: Boost Your Productivity with ChatGPT
Compliance Webinars
Live Webinar

Excel Meets AI: Boost Your Productivity with ChatGPT

In today’s fast-paced and data-driven world, efficiency, accuracy, and innovation are more critical than ever. This 60-minute session will introduce you to the seamless integration of ChatGPT with Excel, showing how AI can dramatically boost your spreadsheet capabilities. Learn how to speed up data analysis, automate tedious tasks, and uncover deeper insights—all with the help of AI. Whether you’re building complex formulas or running data analysis, integrating ChatGPT into your workflow allows you to bypass manual processes, generate powerful insights faster, and make smarter business decisions. This course is designed to meet the needs of both seasoned Excel pros and beginners looking to enhance their skills with the power of artificial intelligence. Why You Should Attend This session is a must-attend for anyone looking to optimize their use of Excel by incorporating cutting-edge AI technology. Whether you're a data analyst, business professional, or anyone who regularly works with spreadsheets, this training will equip you with practical skills to enhance your efficiency and make more informed decisions. Don't miss out on the opportunity to stay ahead of the curve and learn how to harness the power of ChatGPT to simplify complex tasks and boost your productivity. Topics Covered Introduction to ChatGPT and its integration with Excel Automating repetitive tasks in Excel with AI Generating complex formulas and functions using ChatGPT Enhancing data analysis and visualization with AI-driven insights Best practices for maximizing the synergy between Excel and ChatGPT Real-world applications and case studies Who should attend This training is ideal for Excel users of all levels, including data analysts, financial professionals, business managers, and anyone interested in leveraging AI to improve their productivity in Excel. Whether you're looking to automate tedious tasks or gain deeper insights from your data, this session will provide you with the knowledge and tools to elevate your Excel skills with ChatGPT.

Unemployment Insurance: 2025 Key Issues
Compliance Webinars
Live Webinar

Unemployment Insurance: 2025 Key Issues

The Federal and state unemployment insurance issues are another employment liability that employers must manage. Unlike other taxes however, state UI taxes and costs are experience-rated. Thus, employers have significant ability to control their sate UI tax liability. Additionally, because UI often becomes the gateway for other employment related costs, proper management of employers’ UI activities can have a positive impact on these liabilities. Unemployment insurance taxes and costs have increasingly become more important and represent a potentially critical liability. For some employers, UI tax liabilities and their relationship to other employment related costs have become significantly more important and now have a measurable impact on the bottom line. While higher UI tax liabilities are just most obvious risk created by employee separations and unemployment insurance claims; they are only the beginning. Unemployment insurance claims increasingly expose organizations to other potential liabilities: from wage and hour violations for misclassifying independent contractors, to providing plaintiffs with discovery opportunities in other types of employment litigation. Effective management of your organization’s unemployment insurance experience provides you with the opportunity to improve your talent management results, improve your hiring and onboarding processes, enhance your performance management and discipline procedures, and reduce your exposure to discrimination and wrongful discharge claims. Effective UI management allows you to use UI metrics to assess human capital risks, measure supervisor and manager performance, more accurately allocate resources, and have a positive impact on the bottom line. This webinar provides an update on federal and state UI issues, assesses the risks and costs associated with UI taxes and benefits, reviews the interconnection between UI and other employment and tax issues, and discusses effective UI tax management and cost control techniques. Why You Should Attend Gain an understanding of key unemployment insurance issues Discuss the strategic issues of employment stabilization and employee separation management Learn to identify and assess the risks associated with the federal-California UI program Discuss the financial implications of UI liabilities Learn how sound HR management practices reduce an organization’s exposure to UI liabilities and costs Identify and use UI Key Performance Indicators (KPIs) Areas Covered in this Session Update on 2024-2025 UI tax liabilities A discussion of federal UI law and potential changes Critical assessment of sttate UI laws Managing your organization’s UI tax liabilities Managing employment issues that impact your UI tax liabilities and other employment costs Who will Benefit HR professionals Payroll managers UI Specialists Operations managers CFOs Risk managers Compliance managers External and Internal Auditors