National quality organizations offer new HIPAA compliance program

July 14, 2003

The Health Insurance Portability and Accountability Act compliance sweepstakes got a little easier this week. The Joint Commission on Accreditation of Healthcare Organizations and the National Committee for Quality Assurance announced a new program to

The Health Insurance Portability and Accountability Act compliance sweepstakes got a little easier this week. The Joint Commission on Accreditation of Healthcare Organizations and the National Committee for Quality Assurance announced a new program to help business associates achieve certification.

The Privacy Certification Program for Business Associates is designed to assess whether organizations referred to as business associates of covered entities under HIPAA are meeting essential requirements for safeguarding personally identifiable medical information.

Sections of the HIPAA Privacy Rule and Security Rule require certain protections for such information. (The Privacy Rule went into effect last April, and the Security Rule goes into effect in April 2005.) The rules establish specific expectations for covered entities such as health plans and hospitals, which are in turn required to obtain satisfactory assurances that their business associates are protecting private healthcare information.

Business associates in the HIPAA sense include software and information technology vendors, third-party administrators, disease management organizations, and practice management firms.

Under the JCAHO/NCQA plan, business associates will initially use a Web-based tool to assess their compliance with HIPAA standards. Then a JCAHO survey team will conduct an onsite review. Each onsite review will produce a pass/fail result, and a pass will be valid for two years. Surveys begin in August.

Early participants in the Privacy Certification Program include four disease management organizations, two health plan survey vendors, an information technology firm, and an imaging group.

"Involvement in this program has caused us to assiduously review our practices and policies and work diligently to comply with the standards and applicable law," said Denise C. Russell, vice president for sales and marketing of National Imaging Associates in Rancho Cordova, CA. "It also renews our commitment to educational efforts."

By their participation, Russell said National Imaging Associates hopes to demonstrate state-of-the-art privacy and security processes.

"Hopefully, these credentials will demonstrate our commitment to covered entities and assist them with due diligence review and ongoing monitoring," she said.

The Privacy Certification Program is designed to help business associates address several issues:
? privacy protections for oral, written, and electronic health information
? processes and practices respecting the use, disclosure, and secure storage of personal health information
? employee training in protecting personal health information
? consumer access to their own health information
? contracting between covered entities and their business associates