Q. In the April issue of BOH, one of the Q&As discussed who must send out breach notification letters if the business associate (BA) was responsible for the breach. The answer was covered entities. Didn’t HITECH make BAs covered entities?
Dena Boggan, CPC, CMC, CCP, chuckled when someone recently suggested that her staff audit some patient records.
“I wish I had a staff,” laughed Boggan, HIPAA privacy/security officer at St. Dominic Jackson (MS) Memorial Hospital.
However, this is fairly typical in many healthcare settings, where HIPAA privacy and security officers often are the only individuals who are responsible for compliance.
The U.S. Department of Health and Human Services (HHS) proposed modifications to the HIPAA Privacy and Security Rules in July. In light of the changes, now might be a good time to make sure you and your colleagues understand those rules.
