Accountants working in the healthcare industry need a HIPAA compliance solution that works for their company and for their clients’ businesses. Healthcare accountants are considered business associates (BAs) under HIPAA law. As such, HIPAA for accountants in healthcare requires the same level of compliance as any other business associate.
A business associate is any entity hired by a covered entity (CE) to perform a service. The Department of Health and Human Services (HHS) recently released new guidance clarifying a BA’s obligations under HIPAA law. Business associates can no longer feign ignorance; the Office for Civil Rights (OCR) is going after business associates with the same ferocity as covered entities.
HIPAA for Accountants: What Are the Basic Requirements?
Healthcare entities often hire accountants to audit their books. While auditing books, accountants are likely to come across patient information such as a patient’s co-pay, insurance payments, and write-offs. HIPAA law considers this information to be protected health information (PHI). HIPAA was enacted to protect patients’ sensitive information, requiring organizations handling PHI to have safeguards in place to protect it.
Business associates handling PHI must have administrative, technical, and physical safeguards in place to secure PHI.
- Administrative: include policies, procedures, and employee training. Business associates must have written policies and procedures in place regarding the handling of PHI. Access to PHI should only be granted to those who need it to complete their job functions. Employees must be trained annually on HIPAA requirements as well as on the organization’s policies and procedures. Training must be documented to prove that employees attended training, read all of the material, and understand their obligations regarding the handling of PHI.
- Technical: includes cybersecurity measures. Business associates must have proper technology in place to adequately safeguard PHI. Although specific security measures are not mandated, it is recommended that BAs implement encryption, firewalls, and data backup.
- Physical: relates to the security of an organization’s physical location. Areas containing PHI must be locked to prevent unauthorized access. Installing an alarm system is also recommended.
There are several additional HIPAA requirements such as self-audits, remediation plans, business associate management, and breach notification. As such, when working on your HIPAA compliance, it is best to consult an expert.
Do You Need Help with HIPAA for Accountants?
Compliancy Group can help! Our cloud-based compliance software, the Guard™, gives you the flexibility to work on your HIPAA compliance from anywhere that has an internet connection. Our expert Compliance Coaches™ will guide you through our six stage implementation process enabling you to Achieve, Illustrate, and Maintain™ HIPAA compliance.