 |
HIPAA revisited The new regulations relate, in part, to the security of electronic protected health information (PHI) and also impose new compliance obligations on business associates of covered entities under HIPAA. As a provider of quality services to our members, WCHQ qualifies as a business associate under the Act. Wipfli LLC was engaged to conduct an external risk assessment of our Repository Based Submission (RBS) data reporting tool and information systems using the HIPAA rules, regulatory guidance and best practices for security as a baseline. We are pleased to announce that WCHQ systems were deemed to be in full compliance with both federal and state requirements. Although the WCHQ RBS tool does not include patient names, it does use individually-identifiable health information considered to be PHI under HIPAA. The audit results assure our members and strategic partners of the data integrity of the WCHQ RBS tool. Recently, updated business associate agreements (BAA) were sent to all WCHQ member organizations. The BAA incorporates the new obligations under the HITECH Act that are applicable to WCHQ in its role as a business associate. If you have not done so already, please sign and return the agreements as soon as possible. If you have any questions or would like more information about the BAA or the results of the audit, please contact Chris Queram at 608-826-6837 or by emailing cqueram@wchq.org. |
As
we move into a new age of health information technology, HIPAA regulations
strive to keep pace. The American Recovery and Reinvestment Act signed
into law last year included the Health Information Technology for Economic
and Clinical Health (HITECH) Act which expands the privacy and security
provisions under HIPAA. To ensure WCHQ meets the spirit and level of
the new regulations, we commissioned a rigorous and in-depth audit
of all of the privacy and security features of our information systems.
