HIPAA and Privacy
BHBC regularly advises clients on issues related to the Health Insurance Portability and Accountability Act (HIPAA). Our HIPAA attorneys assist clients in ensuring their compliance with security and privacy requirements for healthcare information.
Although HIPAA has become synonymous with patient privacy, Alaska healthcare providers need to be equally concerned with the Confidentiality of Medical Information Act (CMIA). Together, these two laws address not only patient privacy requirements, but also electronic standardization, security, and other requirements governing the handling and transmission of health information.
Federal and Alaska state law have significant differences in the area of patient privacy. With respect to coverage, for example, HIPAA regulations apply to “covered entities,” which include healthcare providers who transmit healthcare information in electronic form (using a standard transaction), healthcare clearinghouses (e.g. billing companies), and health plans. CMIA, by contrast, has a far broader scope of coverage. In many areas, CMIA is actually more stringent than HIPAA in establishing safeguards for patient privacy.
BHBC routinely designs and implements HIPAA compliance plans, which the Health Information Technology for Economic and Clinical Health (HITECH) Act rendered mandatory for both covered entities and business associates beginning on February 17, 2010. In addition to preparing compliance plans, we provide the following specific services:
- Audits of the state of HIPAA compliance in your organization
- Provision of business associate agreements and other HIPAA-compliant contracts
- Preparation of HIPAA compliant security and privacy policies and procedures
- Service on an ongoing basis as HIPAA compliance counsel
- Workforce training
Our HIPAA attorneys counsel providers to determine and ensure compliance with HIPAA and CMIA. We also work with providers who are responding to allegations of noncompliance by state and federal regulators. We have assisted numerous providers with developing compliant notices and practices in their practices, including government hospitals, physicians, and other medical care providers.