Insurance Carriers Requiring HIPAA Compliance of Producers

June 9, 2014

I just got back from conducting a HIPAA Omnibus workshop at the AALTCI conference in Kansas City, and from the many discussions I had with managing general agents and carriers it became clear that we are approaching the “tipping point” for HIPAA compliance. The carriers are the key to this new movement because they are the covered entities and so have the responsibility to make sure that their business associates and subcontractors are HIPAA compliant.

There are still a few hiccups along the way. I was told a story about a carrier, who was not named, that sent out an email to a list of all of their producers notifying them that HIPAA compliance was a requirement. Unfortunately, they listed the tax ID numbers for all of them, which in many cases were their Social Security numbers. Oops! But don’t confuse their clumsiness with lack of intent; they understand that the days of just getting everyone to sign a BA agreement and hoping that they were compliant are over.

As the carriers increase the pressure to get HIPAA compliant, it puts additional pressure on the managing general agents to make sure that the producers that they work with are also compliant. Many MGAs spoke up in the workshop and said that they would no longer work with a producer that would not sign a BA agreement. The next step for them is to take steps to ensure that the producers are actually living up to their agreements. Trust but verify!

How does a small producer get HIPAA compliant, stay compliant, and prove compliance to their carriers and MGAs? Borrowing or buying a manual and sticking it up on the shelf will not suffice, and there is no certification for HIPAA compliance that is approved by HHS. What you need to be able to prove is that you have an ongoing plan, you are executing the plan, and you are documenting your HIPAA compliance activities. Documentation is critical and is what will build a legal firewall around your company.

OK, that is what you need to do, but how do you do that on a very small budget? We pondered this problem back in 2010 when we signed up our first MGA, and once we got them HIPAA compliant, they asked what to do with their 400 producers. We knew that the services that we had provided to the MGA were too complex and too expensive for the producers, so we developed a new program called Micro for producers with 1-5 employees. The current price for this program is a $99 setup charge and $29.50 per month. For this the producer gets a website with a set of policies, procedures, and forms pre-edited to fit their business model and access to a HIPAA expert we call a Helper. Every month they get a task list of HIPAA compliance activities that they must accomplish, which includes an attestation form. The form includes a short HIPAA quiz and requires the producer to sign an attestation that they have done their HIPAA tasks for the month. These attestations are stored as documentation of their HIPAA compliance activities, and they also drive their Compliance Meter®, which they can post on their website as proof of compliance. If their carrier or MGA requests proof, they can also let them look at their website and verify all of their activities.

The important thing to understand about HIPAA compliance is that it is not an event; it is a process, an ongoing process that requires documentation. We are continually asked by potential clients whether they can just buy the policies, procedures, and forms and not do the monthly tasks. We can’t in good conscience do that, since they would have the false hope that they were compliant.

Get compliant, stay compliant, and prove compliance with the Compliance Meter® and check us out at www.compliancehelper.com

