By Jack Anderson
October 21, 2013
One would think that HIPAA compliance is the same for business associates (BA) and covered entities (CE), but there are differences. First is the necessity of signing a BA agreement (BAA) with the CE. This may contain more requirements than HIPAA, and if the BA wants to do business with the CE they may have to meet these extra requirements. Secondly, the CE is required to get "satisfactory assurance" from the BA that they are compliant. The easier the BA can make this for the CE, and in fact for all of their CEs, the less time and effort they will have to spend proving their compliance. Finally, the BA may not have to meet all of the elements of the Privacy Rule and so needs guidance on what parts do apply to them.
The Compliance Meter(tm) was developed primarily for BAs to be able to quickly and easily provide proof that they were compliant on an on-going basis. Most of our clients post the meter on their marketing website so that their CE partners can see at a glance that they are current and compliant. Here is how it works:
BA gets templates of policies, procedures, and forms (PPF) that meet the standards
BA goes through a step by step process to edit the PPF to fit their organization under the supervision of a privacy and security expert called a Helper
Their scores for PPF go up as they are approved by the Helper
They are also assigned Tasks to complete that guide them through the initial setup.
Once they have achieved 100% on their meter they go on to maintenance, which is called Care
Each month they get a Task list and any updates to PPF and their scores drop until they complete the Tasks and update the PPF.
If the CE wants to drill down, the BA can give them read-only access to look at all of their compliance activities.
We have had many BAs call us needing to get compliant, stay compliant, and prove compliance, and with our Prepare/Care programs and the Compliance Meter(tm) we have been able to meet their needs.