HIPAA compliance requirements have been changed greatly by ARRA (the American Recovery and Reinvestment Act), whose Title XIII is called the HITECH (“Health Information Technology for Economic and Clinical Health”) Act. Under this latest law, business associates are now responsible for the security and privacy requirements that previously applied only to covered entities. In addition, business associates are also subject to criminal and civil penalties. The law also includes a provision that allows patients to obtain financial compensation for breaches of privacy.
This latest federal medical privacy law also adds extra strength to the enforcement part of the law. The most important changes are:
Employees and workers, including independent contractors, are all subject to civil penalties for violations. This means that individuals are now legally responsible. HHS is also required to formally investigate complaints and to impose civil penalties for noncompliance if it is due to willful neglect. The law requires that any monetary settlement or civil monetary penalty arising from noncompliance be directed to the OCR (“Office of Civil Rights”) for the enforcement of the security and privacy rules. Civil monetary penalties are now a tiered system that ranges from $100 to $50,000 for violations. The HHS Secretary is required to perform periodic audits to ensure that covered entities and business associates comply with the new rules. A state's Attorney General has the power to sue in district court for noncompliance on behalf of the state's residents.
To work toward compliance, business associates can take a few steps. The first is to be sure you are properly classified. For example, if you are an independent contractor and service provider and you do not work directly with the covered entity, you are not a business associate; you are a subcontractor or agent of a business associate. It is very important for an independent developer to know whether his contract with the covered entity makes him a business associate, in which case all of the new laws apply to him.
Some things to consider are as follows. Assign responsibility for compliance to one person. Although you can assign a team to work on compliance issues, one named person should be the public officer and will be responsible. This person need not be an employee but can be a moderator. You can use a consultant if you think that works well. But it is necessary that you have someone designated for this position.
Before you sign a business associate agreement, you must be sure of both privacy and security. There are many points to address in following those rules. You must follow written procedures and policies. You must have an emergency plan for any business interruption. Understand that you are responsible for all activities of your employees. The regulations require you to train workers, and the policy should be documented. Monitoring remote personnel will be more challenging but is possible.