Covered Entities Responsible for Business Associates
We have years of experience helping small healthcare entities become accredited by The Joint Commission. When we looked at the new standards for business associates under the HITECH Act it looked very similar to accreditation. They need policies and procedures, approved forms, a privacy officer, a security officer and they have to maintain ongoing compliance.
The difference is in the enforcement. There are agencies such as The Joint Commission who have the authority and responsibility to measure compliance with the standards. They are also allowed to collect payments for these services which funds on-site surveys.
HHS has essentially made the covered entity responsible for enforcement of The HITECH Act but given them no authority or any revenue for enforcement. Responsibility without authority is tough, without revenue it is even tougher. Their only leverage is that in most cases the business associate is a vendor to the covered entity and wants to continue doing business with them. But clearly the covered entity can't do on-site surveys without any revenues to support them, so they must find another way of measuring the compliance of their business associates.
The Internet provides the medium to connect the two but there must be tools and expert advice in place to help the business associate attain and maintain compliance and metrics in place to measure their success or failure.
We have applied our expertise in accreditation to the HITECH compliance problem and delivered Compliance Helper which gives the business associate the tools they need to become compliant and simultaneously given the covered entity a free service to observe their success.
Take a looks at the video demonstration at www.compliancehelper.com and you will see how this works.