HIPAA/HITECH COMPLIANCE
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) included requirements that Congress and the Department of Health and Human Services (HHS) develop new health data security and individual health information privacy standards. The Health Information Technology for Economic and Clinical Health (HITECH) Act contains a sweeping expansion of the HIPAA Privacy and Security Rules. The HITECH Act affects business associates entities that use or have access to Personal Health Information (PHI) when providing services on behalf of health plans, health care providers, and health care clearinghouses, defined as “covered entities” under HIPAA.
College Benefits Group, LLC is committed to comply with HIPAA/HITECH standards. HIPPA/HITECH Security Standards compliancy is accomplished by ensuring systems, policies and procedures meet or exceed all required and addressable implementation specifications.
TRANFSER OF ENCRYTED DATA
Interface and database connectivity is encrypted and/or password protected and electronic access is limited to only those entities that have been authorized. All PHI or other sensitive data transferred or received by College Benefits Group, LLC must go through encrypted and password protected protocols. Your organization can send encrypted data through our Encrypted Data Transfer Form that will be received by College Benefits Group’s HIPAA/HITECH Compliance Officer and then delivered to the authorized College Benefits Group, LLC senior manager.
HIPAA BUSINESS ASSOCIATE AGREEMENT
The HITECH Act makes business associates subject to many of the same obligations as covered entities under the Privacy and Security Rules. Business associates that have not been subject to HIPAA before must become familiar with the new changes to HIPAA contained in the HITECH Act or risk becoming inadvertently non-compliant and subject to stiff penalties. The compliance deadline for the new HIPAA requirements was February 17, 2010.
College Benefits Group, LLC is committed to complying with the Privacy and Security Rules that previously were only the concern of covered entities but now also apply to business associates. As part of this effort, College Benefits Group, LLC has reviewed and amended its existing policies and procedures, created privacy and security officer positions, trained staff members regarding the new changes, and evaluated IT systems and encryption capabilities. College Benefits Group, LLC is committed to compliance in all aspects of its business, and to that end we work diligently to prepare for all applicable requirements of HIPAA and HITECH Act. College Benefits Group Business Associates: If your organization is planning to do business with College Benefits Group and fall under the HIPPA/HITECH Privacy and Security Rules then you will need to obtain a College Benefits Group, LLC Business Associate Agreement (BAA). The BAA can be obtained from either a senior College Benefits Group, LLC manager or from College Benefits Group’s HIPAA/HITECH Compliance Officer.
We will continue to monitor the latest HIPAA/HITECH news and legislation to ensure our compliance, where required, and as agreed upon with our clients. For any additional questions or concerns, please contact:m |