All medical business associates to fall under HIPAA

By | July 9, 2010, 7:10am PDT

Summary: Expect the “business associates” language, which reaches to subcontractors, billing companies, and anyone engaged in patient safety, to become a major bone of contention as comments come in over the next two months.

A new set of HIPAA rules, crafted under the HITECH portion of last year’s stimulus, will place all business associates of doctors or hospitals within reach of the privacy law.

Expect this “business associates” language, which reaches to subcontractors, billing companies, and anyone engaged in patient safety, to become a major bone of contention as comments come in over the next two months.

The new rules are described on a health privacy Web site. They were announced jointly by NCHIT David Blumenthal and Georgina Verdugo, director of the Office for Civil Rights at HHS. Both emphasized the increased patient rights to records in the proposal.

Privacy advocates seem overjoyed about the proposal, and partly for that reason groups like HIMSS can be expected to take a long look before signing on. HIPAA and its process requirements were already being blamed for the refusal of many practices to automate, and now those rules cover everyone who might touch any part of a patient record.

Some of the coming pushback can be seen in this Reuters story on the new rules, which emphasizes the “heavy fines” that might accrue to billing companies, customer service contractors, and others, fines which would now total $1.5 million a year.

AHIMA, which represents the group once known as records librarians, sent out a press release approving the proposal. Its members would presumably become gatekeepers for the new rules, and their influence would increase.

Insurers and drug makers will have to be very careful in addressing the new rules, which greatly limit what patient data they access for marketing purposes. Maybe they’ll act like the car dealers in the FinReg bill and win themselves a special carve-out.


Disclosure

Dana Blankenhorn

Dana Blankenhorn has been a journalist, writer and part-time futurist for over 30 years. At the present moment I run only a personal blog in addition to my ZDNet open source blog. DanaBlankenhorn.Com has the subtitle The War Against Oil. In the past I have used it to write about political history, e-commerce, personal matters, some ideas related to open source, and The World of Always On, which is the idea of using sensors, motes and RFID to turn WiFi links into platforms for applications which live in the air. My IRA account at Schwab holds a few tech shares, most notably some Intel and Applied Materials, but there are no open source companies in it. I don’t even own any CBS stock.

Biography

Dana Blankenhorn

Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.

Talkback Most Recent of 9 Talkback(s)

  • Remind us again
    why this isn't a powerful disincentive to committing any patient data to electronic record-keeping?

    I'd see the primary beneficiaries as the pulp and paper industry.
    Yagotta B. Kidding
    9th Jul 2010
  • RE: All medical business associates to fall under HIPAA
    @Yagotta B. Kidding I don't think that is an option any more. While we focus on the carrots in the HITECH Act we forget about the sticks, which would ultimately put paper-based practices out of business.
    DanaBlankenhorn
    9th Jul 2010
  • RE: All medical business associates to fall under HIPAA
    @Yagotta B. Kidding

    Right, but HIPAA applies to the paper too; in fact, so far several breach notices involving more than 500 patients involved lost or stolen paper charts.
    tonymaro
    10th Jul 2010
  • Anyone ...
    Anyone who gets to look at a Social Security number needs to be under these guidelines! Paper or Electronic.
    wkulecz
    9th Jul 2010
  • RE: All medical business associates to fall under HIPAA
    @wkulecz I agree. But we also need a better index term. The SSN is too short, and it's not supposed to be used as it is in fact being used.
    DanaBlankenhorn
    9th Jul 2010
  • It's not just SSNs
    Anything that could enable the identity of a person to be ascertained should be protected from unauthorized release. Addresses, phone numbers, and precise demographics, and diagnoses and procedures are all part of Personal Health Information (PHI).

    The purpose of HIPAA is two-fold. Everyone concentrates on the privacy/security portion and ignores the other half that requires standardization and interoperability for the transmission of personal healthcare information between the people who have a valid need for it. Insurance agencies need that information from care givers for proper billing. Care givers need that information for proper care, especially for the medical history and physical conditions of the patient. The government needs that information for identification of adverse health trends, and for allocation of health care funding. Individuals need that information on themselves to understand their conditions, the care provided, and what their options are. Quality improvement organizations need that information in order to advance medical knowledge and technology.
    Dr_Zinj
    9th Jul 2010
  • I worked for a medical billing company...
    back in the early 1990s. They took patient privacy very seriously, but some of their competitors really didn't. I was always amazed at "dumpster diving" stories that popped up every few months. Many were clear fabrications, but I can remember a few where criminal charges were pursued. The company I was at had its own incinerator, so nothing with patient or doctor identifiable information was ever discarded without being turned to ash first. If something like that wound up in a trash container headed for the dumpster and was discovered, somebody was almost certainly going to get fired.
    jasonp@...
    9th Jul 2010
  • The scary part
    The scary part is that too many regular paper storage vendors don't understand that if they have a single medical record in storage they are now bound by those rules as well... being intimately familiar with the HITECH act I am amazed that local and regional storage companies aren't sending the paper records back to the hospital and refusing to store them. Not to mention data storage vendors...

    Want to know just how bad it can be?
    http://tiny.cc/8mdvm

    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
    tonymaro
    10th Jul 2010
  • Thanks
    @tonymaro Thanks for that. It's important for people to understand that the HIPAA requirements, which many used for a decade as an excuse not to automate, also apply to paper records.
    DanaBlankenhorn
    13th Jul 2010
